feat(server): support name claim for RBAC SSO (#10927)

Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
argoproj · Apr 18, 2023 · d41add4 · d41add4
1 parent 09d48ef
commit d41add4
Show file tree

Hide file tree

Showing 15 changed files with 120 additions and 46 deletions.
diff --git a/Makefile b/Makefile
@@ -139,7 +139,7 @@ define protoc
       -I $(CURDIR) \
       -I $(CURDIR)/vendor \
       -I $(GOPATH)/src \
-      -I $(GOPATH)/pkg/mod/github.com/gogo/protobuf@v1.3.1/gogoproto \
+      -I $(GOPATH)/pkg/mod/github.com/gogo/protobuf@v1.3.2/gogoproto \
       -I $(GOPATH)/pkg/mod/github.com/grpc-ecosystem/grpc-gateway@v1.16.0/third_party/googleapis \
       --gogofast_out=plugins=grpc:$(GOPATH)/src \
       --grpc-gateway_out=logtostderr=true:$(GOPATH)/src \

diff --git a/api/jsonschema/schema.json b/api/jsonschema/schema.json
@@ -4811,6 +4811,9 @@
         "issuer": {
           "type": "string"
         },
+        "name": {
+          "type": "string"
+        },
         "serviceAccountName": {
           "type": "string"
         },

diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
@@ -8742,6 +8742,9 @@
         "issuer": {
           "type": "string"
         },
+        "name": {
+          "type": "string"
+        },
         "serviceAccountName": {
           "type": "string"
         },

diff --git a/docs/workflow-controller-configmap.yaml b/docs/workflow-controller-configmap.yaml
@@ -361,6 +361,7 @@ data:
     scopes:
      - groups
      - email
+     - profile
     # RBAC Config. >= v2.12
     rbac:
       enabled: false

diff --git a/pkg/apiclient/info/info.pb.go b/pkg/apiclient/info/info.pb.go
diff --git a/pkg/apiclient/info/info.proto b/pkg/apiclient/info/info.proto
@@ -32,6 +32,7 @@ message GetUserInfoResponse {
   bool emailVerified = 5;
   string serviceAccountName = 6;
   string serviceAccountNamespace = 7;
+  string name = 8;
 }
 
 message CollectEventRequest {

diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1GetUserInfoResponse.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1GetUserInfoResponse.md
@@ -11,6 +11,7 @@ Name | Type | Description | Notes
 **emailVerified** | **Boolean** |  |  [optional]
 **groups** | **List&lt;String&gt;** |  |  [optional]
 **issuer** | **String** |  |  [optional]
+**name** | **String** |  |  [optional]
 **serviceAccountName** | **String** |  |  [optional]
 **serviceAccountNamespace** | **String** |  |  [optional]
 **subject** | **String** |  |  [optional]

diff --git a/...ython/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_get_user_info_response.py b/...ython/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_get_user_info_response.py
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1GetUserInfoResponse.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1GetUserInfoResponse.md
diff --git a/server/auth/sso/sso.go b/server/auth/sso/sso.go
@@ -287,6 +287,7 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
 		Groups:                  groups,
 		Email:                   c.Email,
 		EmailVerified:           c.EmailVerified,
+		Name:                    c.Name,
 		ServiceAccountName:      c.ServiceAccountName,
 		PreferredUsername:       c.PreferredUsername,
 		ServiceAccountNamespace: c.ServiceAccountNamespace,

diff --git a/server/auth/types/claims.go b/server/auth/types/claims.go
@@ -13,6 +13,7 @@ type Claims struct {
 	Groups                  []string               `json:"groups,omitempty"`
 	Email                   string                 `json:"email,omitempty"`
 	EmailVerified           bool                   `json:"email_verified,omitempty"`
+	Name                    string                 `json:"name,omitempty"`
 	ServiceAccountName      string                 `json:"service_account_name,omitempty"`
 	ServiceAccountNamespace string                 `json:"service_account_namespace,omitempty"`
 	PreferredUsername       string                 `json:"preferred_username,omitempty"`

diff --git a/server/info/info_server.go b/server/info/info_server.go
@@ -26,6 +26,7 @@ func (i *infoServer) GetUserInfo(ctx context.Context, _ *infopkg.GetUserInfoRequ
 			Subject:                 claims.Subject,
 			Issuer:                  claims.Issuer,
 			Groups:                  claims.Groups,
+			Name:                    claims.Name,
 			Email:                   claims.Email,
 			EmailVerified:           claims.EmailVerified,
 			ServiceAccountName:      claims.ServiceAccountName,

diff --git a/server/info/info_server_test.go b/server/info/info_server_test.go
@@ -14,12 +14,13 @@ import (
 
 func Test_infoServer_GetUserInfo(t *testing.T) {
 	i := &infoServer{}
-	ctx := context.WithValue(context.TODO(), auth.ClaimsKey, &types.Claims{Claims: jwt.Claims{Issuer: "my-iss", Subject: "my-sub"}, Groups: []string{"my-group"}, Email: "my@email", EmailVerified: true, ServiceAccountName: "my-sa"})
+	ctx := context.WithValue(context.TODO(), auth.ClaimsKey, &types.Claims{Claims: jwt.Claims{Issuer: "my-iss", Subject: "my-sub"}, Groups: []string{"my-group"}, Name: "myname", Email: "my@email", EmailVerified: true, ServiceAccountName: "my-sa"})
 	info, err := i.GetUserInfo(ctx, nil)
 	if assert.NoError(t, err) {
 		assert.Equal(t, "my-iss", info.Issuer)
 		assert.Equal(t, "my-sub", info.Subject)
 		assert.Equal(t, []string{"my-group"}, info.Groups)
+		assert.Equal(t, "myname", info.Name)
 		assert.Equal(t, "my@email", info.Email)
 		assert.True(t, info.EmailVerified)
 		assert.Equal(t, "my-sa", info.ServiceAccountName)

diff --git a/ui/src/app/userinfo/components/user-info.tsx b/ui/src/app/userinfo/components/user-info.tsx
@@ -49,6 +49,10 @@ export class UserInfo extends BasePage<RouteComponentProps<any>, State> {
                                 <dt>Groups:</dt>
                                 <dd>{(this.state.userInfo.groups && this.state.userInfo.groups.length > 0 && this.state.userInfo.groups.join(', ')) || '-'}</dd>
                             </dl>
+                            <dl>
+                                <dt>Name:</dt>
+                                <dd>{this.state.userInfo.name || '-'}</dd>
+                            </dl>
                             <dl>
                                 <dt>Email:</dt>
                                 <dd>{this.state.userInfo.email || '-'}</dd>

diff --git a/ui/src/models/info.ts b/ui/src/models/info.ts
@@ -25,6 +25,7 @@ export interface GetUserInfoResponse {
     subject?: string;
     issuer?: string;
     groups?: string[];
+    name?: string;
     email?: string;
     emailVerified?: boolean;
     serviceAccountName?: string;