Due to the ORY Kratos claims which has no group/groups, and as
discussed regarding mapping idp groups to Claims.Team which is string
type, Added idpGroup to kratos trait which is also string type. Both
Identity idpGroup and Claim.Team can be mapped without fail in mapper
config.
The idp_groups is list of groups IdP user belongs to that is returning
in the OIdC providers token response. The flow of Idp Group mapping is
as follows:
OIdC Provider (OP) return custom claim with groups in a token when
authentication event
|
The value of custom claim is mapped to `idp_groups` of identity
traint using JsonNet mapper.
|
On inserting/updating/deleting `identities` table, Postgresql
sends a pg_notification with
`PG_OPERATION,IDENTITY_ID,IDENTITY_TRAIN` as a payload.
|
The `pkg/service/user.UserService.UpdateIdpUserGroupPolicy` update
the casbin policies for each notification based on payload received.
* Add DB_ADDR to env vars list
* Add Dockerfile and docker-compose
* Remove go.mod from _kratos dir and clean go.mod of root dir
* Run Kratos docker-compose quickstart from root dir
* Add gomigrate to docker-compose
* Bump docker-composen version to 3.7
* Add Kratos services in the single docker compose file
Removed Kratos quickstart files and merge all setup required for
rcloud-base in the kratos-compose.yml file located in the root of the
repo.
* Add elasticsearch in docker-compose
* Allow es to not be available in when in dev mode
* Change default ES endpoint
Co-authored-by: Abin Simon <abin.simon@rafay.co>
* restructure rcloud-base as a single base controller
* updated master.rest
* moved sentry from internal to pkg as it is used by relay
* removing unused rpc and it's dependencies
* Fix usermgmt tests
* Don't redefine variables in rest file
Co-authored-by: Abin Simon <abin.simon@rafay.co>
