Allow mapping more than one IdP group to an OIDC identity. This
commit upgrades the Kratos version (v0.11.0). Kratos v0.11.0 parses
all id token claims into `raw_claims`. The `raw_claims` can be used in
the Jsonnet mapper to map non-standard claims like `groups` to identity
traits.
Fixes #109
This also includes:
* Remove verbose bug debug logs
* Removes elasticsearch service from docker compose file
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Upgrade kratos service to v0.10.1
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Upgrade kratos-client-go to v0.10.1
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* generate password feature for kratos admin creation
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Add forceReset property in user spec
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* added forcereset in the init script
Signed-off-by: mabhi <abhijit.mukherjee@infracloud.io>
* Resolve conflicts
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Stdout default admin password in initialize script
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* setting password for new user and sending default password in create user response
Signed-off-by: mabhi <abhijit.mukherjee@infracloud.io>
* added new endpoint to service force reset flag update after resetting complete outside authz
Signed-off-by: mabhi <abhijit.mukherjee@infracloud.io>
* removed unnecessary overhead in the forcereset endpoint and updated user type proto to remove unused fields
Signed-off-by: mabhi <abhijit.mukherjee@infracloud.io>
Because the ORY Kratos claims have no group/groups field, and as
discussed regarding mapping IdP groups to Claims.Team, which is of
string type, idpGroup was added to the Kratos traits, also as string
type. Both the identity idpGroup and Claims.Team can be mapped without
failure in the mapper config.
`idp_groups` is the list of groups the IdP user belongs to, as returned
in the OIDC provider's token response. The flow of IdP group mapping is
as follows:
The OIDC Provider (OP) returns a custom claim with the groups in the
token on an authentication event
|
The value of the custom claim is mapped to `idp_groups` of the identity
traits using the Jsonnet mapper.
|
On inserting/updating/deleting rows of the `identities` table, PostgreSQL
sends a pg_notification with
`PG_OPERATION,IDENTITY_ID,IDENTITY_TRAIN` as the payload.
|
`pkg/service/user.UserService.UpdateIdpUserGroupPolicy` updates
the casbin policies for each notification based on the payload received.
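As an added example (not the repository's own mapper config), a Kratos OIDC Jsonnet mapper that reads the provider's custom groups claim from `raw_claims` and writes it to an `idp_groups` trait; the claim name `groups` and an array-typed `idp_groups` trait are assumptions, and a missing or single-string claim is handled instead of failing the login.

```jsonnet
// Added example, not the repository's own mapper. Assumes the provider
// emits a custom `groups` claim and that the identity schema declares
// an `idp_groups` trait of array type.
local claims = std.extVar('claims');

// Kratos v0.11.0 exposes every id token claim under `raw_claims`;
// a non-standard claim such as `groups` is only reachable there.
local raw = if std.objectHas(claims, 'raw_claims') then claims.raw_claims else {};

// Normalise the groups claim to a list of strings:
// missing claim -> [], single string -> [string], list -> list as-is.
// Any other type is rejected so a malformed token cannot silently
// produce an empty or wrong group set.
local groups =
  if !std.objectHas(raw, 'groups') then []
  else if std.isString(raw.groups) then [raw.groups]
  else if std.isArray(raw.groups) then raw.groups
  else error 'unexpected type for groups claim';

{
  identity: {
    traits: {
      // Omit the email trait entirely when the provider did not send one.
      [if 'email' in claims then 'email' else null]: claims.email,
      idp_groups: groups,
    },
  },
}
```

The trait written here is what the PostgreSQL notification later carries to `UpdateIdpUserGroupPolicy`, so the schema's `idp_groups` definition must match the shape the mapper emits.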
* Add DB_ADDR to env vars list
* Add Dockerfile and docker-compose
* Remove go.mod from _kratos dir and clean go.mod of root dir
* Run Kratos docker-compose quickstart from root dir
* Add gomigrate to docker-compose
* Bump docker-compose version to 3.7
* Add Kratos services in the single docker compose file
Removed Kratos quickstart files and merged all setup required for
rcloud-base into the kratos-compose.yml file located in the root of the
repo.
* Add elasticsearch in docker-compose
* Allow ES to be unavailable when in dev mode
* Change default ES endpoint
Co-authored-by: Abin Simon <abin.simon@rafay.co>
* restructure rcloud-base as a single base controller
* updated master.rest
* moved sentry from internal to pkg as it is used by relay
* removing unused rpc and its dependencies
* Fix usermgmt tests
* Don't redefine variables in rest file
Co-authored-by: Abin Simon <abin.simon@rafay.co>