Bug 1677250

Summary: Allow github identity provider to require team membership
Product: OpenShift Container Platform Reporter: scheng
Component: apiserver-authAssignee: Standa Laznicka <slaznick>
Status: CLOSED ERRATA QA Contact: Chuan Yu <chuyu>
Severity: high Docs Contact:
Priority: high    
Version: 4.1.0CC: aos-bugs, evb, slaznick
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 10:44:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Standa Laznicka 2019-02-14 11:57:26 UTC 
Handled in https://github.com/openshift/cluster-authentication-operator/pull/71, I went through all the IdPs again this time to re-check so hopefully none other attributes should be missing from now on.
Comment 2 Standa Laznicka 2019-02-15 07:33:17 UTC 
PR got merged
Comment 3 scheng 2019-02-18 03:27:25 UTC 
Verified

# oc logs -f openshift-authentication-d957c57df-kdhrv
<-snip->
E0218 03:22:52.315082       1 errorpage.go:26] AuthenticationError: User barleyer is not a member of any allowed teams [testfielderla/openshift] (user is a member of [])
<-snip->


# oc get clusterversion version -o json |jq .status.desired
{
  "image": "registry.svc.ci.openshift.org/ocp/release@sha256:197a02c6e56f8fa6b97f452bc8db98e616bf754c9686c631d485ab68b740a1e0",
  "version": "4.0.0-0.nightly-2019-02-17-182259"
}
Comment 6 errata-xmlrpc 2019-06-04 10:44:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758