Fix OIDC username claim not overridable for azure (#415)

Fix Issue #414 where only google OIDC Username claim and regexp were overridable. This was incorrect, and should have never been the case, this is especially important for azure since some Entra ID deployments do not specify email addresses in the OIDC token. Co-authored-by: Glenn Schuurman <[email protected]>
acryldata · Dec 21, 2023 · 46dda20 · 46dda20
1 parent a0d5e88
commit 46dda20
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/charts/datahub/Chart.yaml b/charts/datahub/Chart.yaml
@@ -14,7 +14,7 @@ dependencies:
     repository: file://./subcharts/datahub-gms
     condition: datahub-gms.enabled
   - name: datahub-frontend
-    version: 0.2.151
+    version: 0.2.152
     repository: file://./subcharts/datahub-frontend
     condition: datahub-frontend.enabled
   - name: datahub-mae-consumer

diff --git a/charts/datahub/subcharts/datahub-frontend/Chart.yaml b/charts/datahub/subcharts/datahub-frontend/Chart.yaml
@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.151
+version: 0.2.152
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: v0.11.0
diff --git a/charts/datahub/subcharts/datahub-frontend/templates/deployment.yaml b/charts/datahub/subcharts/datahub-frontend/templates/deployment.yaml
@@ -220,15 +220,15 @@ spec:
             {{- end }}
             - name: AUTH_OIDC_BASE_URL
               value: https://{{ (first $.Values.ingress.hosts).host }}
+            - name: AUTH_OIDC_USER_NAME_CLAIM
+              value: {{ .user_name_claim | default "email" }}
+            - name: AUTH_OIDC_USER_NAME_CLAIM_REGEX
+              value: {{ .user_name_claim_regex | default "([^@]+)" }}
             {{- if eq .provider "google" }}
             - name: AUTH_OIDC_DISCOVERY_URI
               value: https://accounts.google.com/.well-known/openid-configuration
             - name: AUTH_OIDC_SCOPE
               value: {{ .scope | default "openid profile email" }}
-            - name: AUTH_OIDC_USER_NAME_CLAIM
-              value: {{ .user_name_claim | default "email" }}
-            - name: AUTH_OIDC_USER_NAME_CLAIM_REGEX
-              value: {{ .user_name_claim_regex | default "([^@]+)" }}
             {{- else if eq .provider "okta" }}
             - name: AUTH_OIDC_DISCOVERY_URI
               value: https://{{ .oktaDomain }}/.well-known/openid-configuration