Description

Currently Rancher maintains a refresh token to synchronise user data between an upstream OIDC provider and the user.

This token expires (and can be invalidated) and this leads to lots of logged errors indicating that the data couldn't be updated because the refresh token is not valid.

This proposes a declarative controller approach, which would use a set of read-only credentials to synchronise user data.

Goals

  • Declaration-based synchronization
  • Take ownership of Rancher v3 Users and ensure the data is up-to-date for them by talking to upstream service APIs (LDAP, Keycloak etc).

Future enhancements might involve synchronisation of users into groups too.

Resources

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 24

Activity

  • 27 days ago: kevinm originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    This project is one of its kind!