Commit 70c353f

fix: add back mapping rules in the orchestration cluster (#4545)
1 parent 2a0c9fc commit 70c353f

7 files changed

+36
-3
lines changed

charts/camunda-platform-8.8/README.md

Lines changed: 3 additions & 1 deletion
@@ -1339,11 +1339,13 @@ Please see the corresponding [release guide](../../docs/release.md) to find out
13391339
| `orchestration.security.initialization.users.email,` | the email of an initial user. | |
13401340
| `orchestration.security.initialization.defaultRoles` | assigning initial users to default roles. More roles can be added to the dictionary: https://docs.camunda.io/docs/next/components/concepts/access-control/authorizations/#default-roles | |
13411341
| `orchestration.security.initialization.defaultRoles.admin.users` | defines the initial users that will get the admin permission | `["demo"]` |
1342+
| `orchestration.security.initialization.defaultRoles.admin.mappingRules` | defines the mapping rule IDs for role assignment | `[]` |
13421343
| `orchestration.security.initialization.defaultRoles.connectors.users` | defines the initial users that will get the connectors permission | `["connectors"]` |
13431344
| `orchestration.security.initialization.defaultRoles.connectors.clients` | define clients for the orchestration cluster. | `["connectors"]` |
1345+
| `orchestration.security.initialization.defaultRoles.connectors.mappingRules` | defines the mapping rule IDs for role assignment | `[]` |
13441346
| `orchestration.security.initialization.defaultRoles.connectors.users[0].connectors` | Needed for basic auth setup. Can be removed for OIDC. Define the connectors user with the connectors role. | |
13451347
| `orchestration.security.initialization.defaultRoles.connectors.clients[0].connectors` | Needed for OIDC setup. Can be removed for basic auth. Define the connectors client with the connrectors role. | |
1346-
| `orchestration.security.initialization.mappingRules` | define mapping rules. | `[]` |
1348+
| `orchestration.security.initialization.mappingRules` | defines the mapping rules when connected to an OIDC provider. | `[]` |
13471349
| `orchestration.image` | configuration to configure the image specifics | |
13481350
| `orchestration.image.registry` | can be used to set container image registry. | `""` |
13491351
| `orchestration.image.repository` | defines which image repository to use | `camunda/camunda` |
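
Review bot: The two new `defaultRoles.*.mappingRules` rows (1342 and 1345) say "mapping rule IDs" without saying where those IDs are defined. If they are meant to reference the `mappingRuleID` of entries under `orchestration.security.initialization.mappingRules`, state that in the description, and in the reworded row at 1348 name the fields an entry takes, since `[]` as the only documented value gives a reader nothing to copy. The same wording lives in the `## @param` comments in values.yaml, so the fix belongs there too. While this table is being touched, the context row at 1347 still reads "connrectors role".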

charts/camunda-platform-8.8/templates/orchestration/files/_application-unified.yaml

Lines changed: 4 additions & 0 deletions
@@ -134,6 +134,10 @@ camunda:
134134
users:
135135
{{- .Values.orchestration.security.initialization.users | toYaml | nindent 8 }}
136136
{{- end }}
137+
{{- if .Values.orchestration.security.initialization.mappingRules }}
138+
mapping-rules:
139+
{{- .Values.orchestration.security.initialization.mappingRules | toYaml | nindent 8 }}
140+
{{- end }}
137141
multiTenancy:
138142
checksEnabled: {{ include "orchestration.multitenancyChecksEnabled" . }}
139143
apiEnabled: {{ include "orchestration.multitenancyApiEnabled" . }}
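
Review bot: The new `if` branch at 137-140 is not exercised by any golden file changed in this commit: the three golden hunks only add the role-level `mappingRules: []`, and none shows a rendered `mapping-rules:` block. Add a unit test case that sets a non-empty `orchestration.security.initialization.mappingRules` and asserts the output under `initialization`, so the `nindent 8` placement next to `users:` is pinned down.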

charts/camunda-platform-8.8/test/unit/orchestration/golden/configmap-authorizations.golden.yaml

Lines changed: 2 additions & 0 deletions
@@ -99,11 +99,13 @@ data:
9999
initialization:
100100
default-roles:
101101
admin:
102+
mappingRules: []
102103
users:
103104
- demo
104105
connectors:
105106
clients:
106107
- connectors
108+
mappingRules: []
107109
users:
108110
- connectors
109111
users:
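
Review bot: At 102 and 108 the role-level key renders as `mappingRules` (camelCase) inside `default-roles`, while the template change in `_application-unified.yaml` emits the top-level list as `mapping-rules`. Either render both in one style or confirm that the application binds the camelCase key here; the same applies to the identical hunks in the log4j2 and unified golden files.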

charts/camunda-platform-8.8/test/unit/orchestration/golden/configmap-log4j2.golden.yaml

Lines changed: 2 additions & 0 deletions
@@ -99,11 +99,13 @@ data:
9999
initialization:
100100
default-roles:
101101
admin:
102+
mappingRules: []
102103
users:
103104
- demo
104105
connectors:
105106
clients:
106107
- connectors
108+
mappingRules: []
107109
users:
108110
- connectors
109111
users:

charts/camunda-platform-8.8/test/unit/orchestration/golden/configmap-unified.golden.yaml

Lines changed: 2 additions & 0 deletions
@@ -99,11 +99,13 @@ data:
9999
initialization:
100100
default-roles:
101101
admin:
102+
mappingRules: []
102103
users:
103104
- demo
104105
connectors:
105106
clients:
106107
- connectors
108+
mappingRules: []
107109
users:
108110
- connectors
109111
users:

charts/camunda-platform-8.8/values.schema.json

Lines changed: 13 additions & 1 deletion
@@ -5175,6 +5175,12 @@
51755175
"items": {
51765176
"type": "string"
51775177
}
5178+
},
5179+
"mappingRules": {
5180+
"type": "array",
5181+
"description": "defines the mapping rule IDs for role assignment",
5182+
"default": [],
5183+
"items": {}
51785184
}
51795185
}
51805186
},
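
Review bot: `"items": {}` at 5183 accepts any value, although the description says the array holds mapping rule IDs and the sibling array just above constrains its items with `"type": "string"`. Use the same string item type here so that a non-string entry is rejected by schema validation instead of being passed through to the rendered config.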
@@ -5200,14 +5206,20 @@
52005206
"items": {
52015207
"type": "string"
52025208
}
5209+
},
5210+
"mappingRules": {
5211+
"type": "array",
5212+
"description": "defines the mapping rule IDs for role assignment",
5213+
"default": [],
5214+
"items": {}
52035215
}
52045216
}
52055217
}
52065218
}
52075219
},
52085220
"mappingRules": {
52095221
"type": "array",
5210-
"description": "define mapping rules.",
5222+
"description": "defines the mapping rules when connected to an OIDC provider.",
52115223
"default": [],
52125224
"items": {}
52135225
}
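
Review bot: The connectors `mappingRules` at 5214 repeats the unconstrained `"items": {}`, and the top-level `mappingRules` at 5220-5224 only has its description reworded, so its entries remain unvalidated. The example added to values.yaml uses `mappingRuleID`, `claimName` and `claimValue`; describing those as properties of an object item schema would catch a misspelled or missing field at install time.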

charts/camunda-platform-8.8/values.yaml

Lines changed: 10 additions & 1 deletion
@@ -2467,20 +2467,29 @@ orchestration:
24672467
24682468
## @extra orchestration.security.initialization.defaultRoles assigning initial users to default roles. More roles can be added to the dictionary: https://docs.camunda.io/docs/next/components/concepts/access-control/authorizations/#default-roles
24692469
## @param orchestration.security.initialization.defaultRoles.admin.users defines the initial users that will get the admin permission
2470+
## @param orchestration.security.initialization.defaultRoles.admin.mappingRules defines the mapping rule IDs for role assignment
24702471
## @param orchestration.security.initialization.defaultRoles.connectors.users defines the initial users that will get the connectors permission
24712472
## @param orchestration.security.initialization.defaultRoles.connectors.clients define clients for the orchestration cluster.
2473+
## @param orchestration.security.initialization.defaultRoles.connectors.mappingRules defines the mapping rule IDs for role assignment
24722474
defaultRoles:
24732475
admin:
2476+
mappingRules: []
24742477
users:
24752478
- demo
24762479
connectors:
2480+
mappingRules: []
24772481
users:
24782482
## @extra orchestration.security.initialization.defaultRoles.connectors.users[0].connectors Needed for basic auth setup. Can be removed for OIDC. Define the connectors user with the connectors role.
24792483
- connectors
24802484
clients:
24812485
## @extra orchestration.security.initialization.defaultRoles.connectors.clients[0].connectors Needed for OIDC setup. Can be removed for basic auth. Define the connectors client with the connrectors role.
24822486
- connectors
2483-
## @param orchestration.security.initialization.mappingRules define mapping rules.
2487+
## @param orchestration.security.initialization.mappingRules defines the mapping rules when connected to an OIDC provider.
2488+
# Example:
2489+
# mappingRules:
2490+
# - mappingRuleID: demo-user-mapping-rule
2491+
# claimName: preferred_username
2492+
# claimValue: demo
24842493
mappingRules: []
24852494
## @extra orchestration.image configuration to configure the image specifics
24862495
image:
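
Review bot: The example at 2488-2492 matches on `preferred_username`, a claim that OpenID Connect Core says a relying party must not rely on being unique, and it stops before showing how the rule is attached to a role. Since these rules feed role assignment (`defaultRoles.admin.mappingRules`), prefer an example on a stable claim such as `sub`, or add a caution next to it, and extend the comment to show the ID `demo-user-mapping-rule` listed under a role's `mappingRules`.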
