GitLab is an oidcTokenProvider

Signed-off-by: Jamie Klassen <jklassen@vmware.com>
This commit is contained in:
Jamie Klassen
2023-02-16 14:02:58 -05:00
parent ab750ddc4f
commit 8adeb19b37
4 changed files with 17 additions and 3 deletions
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-kubernetes': patch
---
GitLab can now be used as an `oidcTokenProvider` for Kubernetes clusters
+5 -1
View File
@@ -18,7 +18,11 @@ Settings for local development:
- Name: Backstage (or your custom app name)
- Redirect URI: `http://localhost:7007/api/auth/gitlab/handler/frame`
- Scopes: `read_api` and `read_user`
- Scopes: `read_user` for sign-in. If you also need ID tokens (e.g. if you are
using the Kubernetes plugin and have clusters with `authProvider: oidc` and
[`oidcTokenProvider:
gitlab`](https://backstage.io/docs/features/kubernetes/configuration/#clustersoidctokenprovider-optional)),
add the `openid` scope.
## Configuration
+3 -2
View File
@@ -160,8 +160,9 @@ auth:
audience: ${AUTH_OKTA_AUDIENCE}
```
The following values are supported out-of-the-box by the frontend: `google`, `microsoft`,
`okta`, `onelogin`.
The following values are supported out-of-the-box by the frontend: `gitlab` (the
application whose `clientId` is used by the auth provider should be granted the
`openid` scope), `google`, `microsoft`, `okta`, `onelogin`.
Take note that `oidcTokenProvider` is just the issuer for the token, you can use any
of these with an OIDC enabled cluster, like using `microsoft` as the issuer for a EKS
+4
View File
@@ -23,6 +23,7 @@ import {
createRouteRef,
discoveryApiRef,
identityApiRef,
gitlabAuthApiRef,
googleAuthApiRef,
microsoftAuthApiRef,
oktaAuthApiRef,
@@ -49,18 +50,21 @@ export const kubernetesPlugin = createPlugin({
createApiFactory({
api: kubernetesAuthProvidersApiRef,
deps: {
gitlabAuthApi: gitlabAuthApiRef,
googleAuthApi: googleAuthApiRef,
microsoftAuthApi: microsoftAuthApiRef,
oktaAuthApi: oktaAuthApiRef,
oneloginAuthApi: oneloginAuthApiRef,
},
factory: ({
gitlabAuthApi,
googleAuthApi,
microsoftAuthApi,
oktaAuthApi,
oneloginAuthApi,
}) => {
const oidcProviders = {
gitlab: gitlabAuthApi,
google: googleAuthApi,
microsoft: microsoftAuthApi,
okta: oktaAuthApi,