incusd: allow custom oidc scope #1112
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
One key element of note. No validation exists to ensure the theoretically required scopes I'm also unaware of the impact for the UI and related projects. General motivations:
|
james-d-elliott
force-pushed
the
feat-oidc-scope
branch
from
646f7ae
to
be0b362
Compare
|
Hello, Can you edit your commit to include the required In general, I think it makes sense to make the OIDC scope list be configurable so we can indeed request access to additional userinfo data that can then be used alongside I'd probably call it |
james-d-elliott
force-pushed
the
feat-oidc-scope
branch
from
be0b362
to
b210543
Compare
|
Hey thanks for the feedback. I believe I've made the requested adjustments. I'm not super familiar with the codebase so I may have missed something. I just copied previous similar additions. Also our guide for incus integration if it's of interest is here. |
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Stéphane Graber <[email protected]>
stgraber
force-pushed
the
feat-oidc-scope
branch
from
b210543
to
ad58f75
Compare
github-actions
bot
added
Documentation
stgraber
approved these changes
Aug 17, 2024
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Sep 23, 2024
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [lxc/incus](https://github.com/lxc/incus) | minor | `v6.4.0` -> `v6.5.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>lxc/incus (lxc/incus)</summary> ### [`v6.5.0`](https://github.com/lxc/incus/releases/tag/v6.5.0): Incus 6.5 [Compare Source](lxc/incus@v6.4.0...v6.5.0) ### Release announcement https://discuss.linuxcontainers.org/t/incus-6-5-has-been-released/21544 #### What's Changed - incus/remote/list: Add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1101 - Cluster group list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1102 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1105 - client: docs improvements by [@​decentral1se](https://github.com/decentral1se) in lxc/incus#1104 - incusd/storage: Fix UsedBy values for sub-directory volumes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1107 - client: fix typo by [@​decentral1se](https://github.com/decentral1se) in lxc/incus#1110 - incusd/instance: Fix backup file locking issue by [@​stgraber](https://github.com/stgraber) in lxc/incus#1108 - incusd/projects: Don't fail project creation on missing pools by [@​stgraber](https://github.com/stgraber) in lxc/incus#1109 - Add support for generic PCI hotplug/hotremove by [@​stgraber](https://github.com/stgraber) in lxc/incus#1111 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1113 - Operation list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1114 - doc/firewalld: Update Docker link by [@​stgraber](https://github.com/stgraber) in lxc/incus#1116 - Network zone list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1117 - Network forward list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1118 - Add support for manual QMP configuration by [@​bensmrs](https://github.com/bensmrs) in lxc/incus#1115 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1120 - incusd/forknet_dhcp: Add hostname to dhcp request by [@​bketelsen](https://github.com/bketelsen) in lxc/incus#1123 - Network list leases add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1122 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1125 - doc: Update incus_alias.md by [@​simos](https://github.com/simos) in lxc/incus#1124 - Network list allocations add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1126 - Add OVN load-balancer health checks by [@​stgraber](https://github.com/stgraber) in lxc/incus#1127 - Prompt for dir storage pool location by [@​stgraber](https://github.com/stgraber) in lxc/incus#1129 - Network integration add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1130 - Storage bucket list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1131 - incusd: allow custom oidc scope by [@​james-d-elliott](https://github.com/james-d-elliott) in lxc/incus#1112 - Storage bucket key list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1134 - Snapshot list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1135 - incusd/storage/lvm: Fix resize logic to conserve LV state by [@​stgraber](https://github.com/stgraber) in lxc/incus#1136 - incusd/network/ovn: Set missing send_periodic field by [@​stgraber](https://github.com/stgraber) in lxc/incus#1138 - Improve performance of internal profile and instance listings by [@​stgraber](https://github.com/stgraber) in lxc/incus#1140 - Cluster list tokens add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1139 - incusd/main_forknet: Tweak DHCP client to apply DNS first by [@​stgraber](https://github.com/stgraber) in lxc/incus#1141 - Improvements to OVN interconnect by [@​stgraber](https://github.com/stgraber) in lxc/incus#1142 - incusd/storage_volumes_state: Handle unsupported response from drivers by [@​stgraber](https://github.com/stgraber) in lxc/incus#1143 - lxd-to-incus: Handle Incus socket in /run/incus/ by [@​stgraber](https://github.com/stgraber) in lxc/incus#1144 - Fix OVN interconnect ECMP handling by [@​stgraber](https://github.com/stgraber) in lxc/incus#1145 - OpenFGA fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1146 - Config trust list tokens add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1148 - Network peer list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1150 - Network load balancer list add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1151 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1152 - doc: Update Cloud-Init User Example by [@​amayer5125](https://github.com/amayer5125) in lxc/incus#1155 - Fix backup struct naming and swagger metadata by [@​stgraber](https://github.com/stgraber) in lxc/incus#1156 - incusd/device/nic: Make burst rate dynamic for ingress traffic by [@​stgraber](https://github.com/stgraber) in lxc/incus#1157 - Make OVS path configurable by [@​stgraber](https://github.com/stgraber) in lxc/incus#1159 - Allow live resize of VM disks by [@​stgraber](https://github.com/stgraber) in lxc/incus#1158 - incusd/network/ovn: Limit MAC_Binding explosion by [@​stgraber](https://github.com/stgraber) in lxc/incus#1160 - incusd/apparmor: Don't constantly query the version and cache by [@​stgraber](https://github.com/stgraber) in lxc/incus#1161 - incusd/storage/driver/dir: Don't needlessly re-apply project id on qu… by [@​stgraber](https://github.com/stgraber) in lxc/incus#1163 - incusd/storage/lvm: Retry setactivation skip for busy environments by [@​stgraber](https://github.com/stgraber) in lxc/incus#1164 - Add startup scriptlets by [@​bensmrs](https://github.com/bensmrs) in lxc/incus#1162 - Bump minimum Go to 1.22 by [@​stgraber](https://github.com/stgraber) in lxc/incus#1165 - Storage related fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1166 - Implement boot.autorestart by [@​stgraber](https://github.com/stgraber) in lxc/incus#1167 - client: Fix error handling in push mode copy by [@​stgraber](https://github.com/stgraber) in lxc/incus#1168 - incusd/network/ovn: Fix send_periodic syntax by [@​stgraber](https://github.com/stgraber) in lxc/incus#1169 - Better handle cluster group validation by [@​stgraber](https://github.com/stgraber) in lxc/incus#1172 - Implement LVM metadatasize configuration by [@​stgraber](https://github.com/stgraber) in lxc/incus#1173 - incusd/storage/zfs: Only attempt to load the module if the tools exist by [@​stgraber](https://github.com/stgraber) in lxc/incus#1177 - incusd/instance/edk2: Add Void Linux x86\_64 paths by [@​dkwo](https://github.com/dkwo) in lxc/incus#1178 - incusd/profiles: Empty default profile on forced deletion by [@​stgraber](https://github.com/stgraber) in lxc/incus#1180 - incusd/storage/drivers/ceph: Rework parseParent by [@​stgraber](https://github.com/stgraber) in lxc/incus#1181 - Revert "incusd/instance/agent-loader: Don't hardcode path" by [@​stgraber](https://github.com/stgraber) in lxc/incus#1182 - Improve startup performance on busy systems by [@​stgraber](https://github.com/stgraber) in lxc/incus#1183 - Various bugfixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1185 - Rework PCI hotplug by [@​stgraber](https://github.com/stgraber) in lxc/incus#1186 - Fix EDK2 firmware detection logic by [@​stgraber](https://github.com/stgraber) in lxc/incus#1187 - incus-user: Handle deleted projects by [@​stgraber](https://github.com/stgraber) in lxc/incus#1190 - OVN small additions and fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1189 #### New Contributors - [@​decentral1se](https://github.com/decentral1se) made their first contribution in lxc/incus#1104 - [@​james-d-elliott](https://github.com/james-d-elliott) made their first contribution in lxc/incus#1112 - [@​amayer5125](https://github.com/amayer5125) made their first contribution in lxc/incus#1155 - [@​dkwo](https://github.com/dkwo) made their first contribution in lxc/incus#1178 **Full Changelog**: lxc/incus@v6.4.0...v6.5.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the option to customize the effective scope of authorizations via OpenID Connect 1.0.