Allow mapping of OIDC attributes in helm charts

opf · Nov 28, 2023 · acf0e41 · acf0e41
1 parent fa206f6
commit acf0e41
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/charts/openproject/templates/secrets.yaml b/charts/openproject/templates/secrets.yaml
@@ -45,8 +45,10 @@ stringData:
   {{ $oidc_prefix }}_USERINFO__ENDPOINT: {{ .Values.openproject.oidc.userinfoEndpoint | quote }}
   {{ $oidc_prefix }}_END__SESSION__ENDPOINT: {{ .Values.openproject.oidc.endSessionEndpoint | quote }}
   {{ $oidc_prefix }}_SCOPE: {{ .Values.openproject.oidc.scope | quote }}
-  # Until https://community.openproject.org/wp/42390 is fixed (probably 12.5) we need the following setting
-  OPENPROJECT_SELF__REGISTRATION: "3"
+  {{- range $key, $value := .Values.openproject.oidc.attribute_map }}
+  {{ $mapping_key := printf "%s_ATTRIBUTE_MAP_%s" $oidc_prefix (upper $key) }}
+  {{ $mapping_key }}: {{ $value | quote }}
+  {{- end }}
   {{- end }}
   {{- if .Values.s3.enabled }}
   OPENPROJECT_ATTACHMENTS__STORAGE: fog

diff --git a/charts/openproject/values.yaml b/charts/openproject/values.yaml
@@ -266,6 +266,8 @@ openproject:
     userinfoEndpoint: ""
     endSessionEndpoint: ""
     scope: "[openid]"
+    # Optional attribute mappings from the id token
+    attribute_map: {}
 
   ## Modify PostgreSQL statement timout.
   ## Increase in case you get errors such as "ERROR: canceling statement due to statement timeout".