Configure users based on Keycloak group membership
Bug
Description
We wanted to configure Gitlab users based on the Keycloak group. Based on Gitlab doc (https://docs.gitlab.com/ee/administration/auth/oidc.html?tab=Linux+package+%28Omnibus%29#administrator-groups), we have to configure Gitlab to identify what to look for in the Keycloak response. This is currently set as the secret (https://repo1.dso.mil/big-bang/bigbang/-/blob/2.1.0/chart/templates/gitlab/secret-sso.yaml?ref_type=tags#L33) in Bigbang, but it does not have the capability as of now. Request to provide the option to add additional config to the secret. Example below:
name: "openid_connect",
label: "Provider name",
args: {
name: "openid_connect",
scope: ["openid","profile","email"],
response_type: "code",
issuer: "<your_oidc_url>",
discovery: true,
client_auth_method: "query",
uid_field: "<uid_field>",
client_options: {
identifier: "<your_oidc_client_id>",
secret: "<your_oidc_client_secret>",
redirect_uri: "<your_gitlab_url>/users/auth/openid_connect/callback",
gitlab: {
groups_attribute: "groups",
admin_groups: ["Admin"]
}
}
}
}
Provide any steps possible used to reproduce the error (ideally in an isolated fashion).
## BigBang Version
What version of BigBang were you running? BB 2.1.0
This can be retrieved multiple ways:
```bash
# via helm
helm ls -n bigbang
# via the deployed umbrella git tag
kubectl get gitrepository -n bigbang