UNCLASSIFIED - NO CUI

feat: configure gitlab groups from external oidc groups

Noah Birrerrequested to merge
feat/gitlab-oidc-group-members into master

General MR

Summary

This Merge Request adds the ability to configure GitLab users based on OIDC group membership. The impacted config is the gitlab-sso-provider secret that is deployed alongside the GitLab HelmRelease.

The following values can now be included in addons.gitlab.sso:

groups:
  groupsAttribute: ""
  requiredGroups: []
  externalGroups: []
  auditorGroups: []
  adminGroups: []

This addition is backwards compatible. If a user does not supply any groups in their GitLab values, the gitlab-sso-provider secret will still render a valid JSON object.

NOTE: That this is only a GitLab premium/ultimate feature.

Relevant logs/screenshots

GitLab Docs on configuring external groups - ref

Linked Issue

issue

Upgrade Notices

N/A

Edited by Noah Birrer

Merge request reports

UNCLASSIFIED - NO CUI