feat: AzureAAD groups support

components/09-nautobot/base/nautobot/templates/configmap.yaml

@@ -29,6 +29,8 @@ data:
   NAUTOBOT_REDIS_SSL: "False"
   NAUTOBOT_SUPERUSER_EMAIL: "[email protected]"
   NAUTOBOT_SUPERUSER_NAME: "admin"
+  RAX_SUPERUSER_GROUPS: undercloud-dev
+  RAX_STAFF_GROUPS: undercloud-dev
 ---
 # Source: nautobot/templates/configmap.yaml
 apiVersion: v1

components/13-dexidp/values.yaml

@@ -14,8 +14,9 @@ config:
     config:
       inCluster: true
 
-  # Enable at least one connector
-  # See https://dexidp.io/docs/connectors/ for more options
+  oauth2:
+    skipApprovalScreen: true
+
   enablePasswordDB: false
   connectors:
     - type: keystone
@@ -31,7 +32,7 @@ config:
         keystoneUsername: demo
         keystonePassword: DEMO_PASS
     - type: oidc
-      name: azure
+      name: Azure
       id: azure
       config:
         issuer: $AZURE_ISSUER
@@ -41,14 +42,12 @@ config:
         scopes:
           - openid
           - email
+          - offline_access
         insecureSkipEmailVerified: true
-        # enabling insecureEnableGroups adds the list of group UUIDs to the
-        # access token, which in turn results in a HTTP headers for requests to
-        # https://dexidp.local/userinfo being way too large for Ingress
-        # controller and python requests library. Even after adjusting ingress
-        # controlloer, the Nautobot still cannot handle token that large.
-        insecureEnableGroups: false
+        insecureEnableGroups: true
         getUserInfo: true
+        claimMapping:
+          groups: "roles"
   logger:
     level: info