AAD Group Sync Operator

Instalace a použití Group Sync Operatoru

*file: group-sync-operator-install.md*
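# Install the group-sync-operator Helm chart into its own project.
oc new-project group-sync-operator
helm repo add group-sync-operator https://redhat-cop.github.io/group-sync-operator
helm repo update
# Name the target namespace explicitly so the install does not depend on the
# current oc context; it must match group_sync_operator_namespace in values.
helm install group-sync-operator group-sync-operator/group-sync-operator \
  --namespace group-sync-operator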

Create an App registration in Azure AD with the following permissions:

  • Group.Read.All
  • GroupMember.Read.All
  • User.Read.All
    App registration

    App registration

[ openshift/RBAC/aadGroupSyncOperator/azure-group-sync.yaml ]

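# Credentials the group-sync-operator uses to query Azure AD.
# Helm template: every value comes from .Values; keep clientSecret out of
# committed values files and supply it at install time instead.
apiVersion: v1
kind: Secret
metadata:
  name: azure-group-sync
  # Must be the same namespace the GroupSync's credentialsSecret points to.
  namespace: {{ .Values.group_sync_operator_namespace | quote }}
type: Opaque
data:
  # `required` fails the render instead of silently producing a Secret with
  # empty credentials; `data` holds base64, hence b64enc; `quote` keeps the
  # rendered scalar a string whatever the encoded output looks like.
  {{- $aad := required "groupSync.AzureActiveDirectory must be set" .Values.groupSync.AzureActiveDirectory }}
  AZURE_TENANT_ID: {{ required "tenantID is required" $aad.tenantID | b64enc | quote }}
  AZURE_CLIENT_ID: {{ required "clientID is required" $aad.clientID | b64enc | quote }}
  AZURE_CLIENT_SECRET: {{ required "clientSecret is required" $aad.clientSecret | b64enc | quote }}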

[ openshift/RBAC/aadGroupSyncOperator/azure-groupsync.yaml ]

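# Mirrors selected Azure AD groups into OpenShift Group objects.
apiVersion: redhatcop.redhat.io/v1alpha1
kind: GroupSync
metadata:
  name: azure-groupsync
  namespace: {{ .Values.group_sync_operator_namespace | quote }}
spec:
  # Cron schedule: run the sync every 10 minutes.
  schedule: "*/10 * * * *"
  providers:
    - name: azure
      azure:
        # Graph filter: only groups whose displayName or mail starts with
        # OCP_ are synced, so only groups intended for cluster RBAC are
        # mirrored into the cluster.
        filter: "(startsWith(displayName, 'OCP_') or startsWith(mail, 'OCP_'))"
        credentialsSecret:
          name: azure-group-sync
          # Must be the namespace the azure-group-sync Secret is rendered
          # into; a hard-coded name here breaks whenever the chart is
          # installed with a different group_sync_operator_namespace.
          namespace: {{ .Values.group_sync_operator_namespace | quote }}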