From 21264cf74436ec243784181f166286e9c583bd37 Mon Sep 17 00:00:00 2001
From: Francisco Barros <francisco.borges.aurindo.barros@cern.ch>
Date: Mon, 19 Feb 2024 10:32:59 +0100
Subject: [PATCH] Enforcing LoA5 through cern_registered role

---
 controllers/drupalsite_resources.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go
index 317f73bf..af6b45fb 100644
--- a/controllers/drupalsite_resources.go
+++ b/controllers/drupalsite_resources.go
@@ -1029,6 +1029,14 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st
 						Name:  "OAUTH2_PROXY_SKIP_AUTH_REGEX",
 						Value: "_webdav",
 					},
+					{
+						Name:  "OAUTH2_PROXY_OIDC_GROUPS_CLAIM",
+						Value: "cern_roles",
+					},
+					{
+						Name:  "OAUTH2_PROXY_ALLOWED_GROUPS",
+						Value: "cern_registered",
+					},
 					{
 						Name:  "OAUTH2_PROXY_PROVIDER",
 						Value: "oidc",
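Review bot: The new `OAUTH2_PROXY_ALLOWED_GROUPS` restriction does not cover requests that match `OAUTH2_PROXY_SKIP_AUTH_REGEX`, which sits directly above the added entries with the value `_webdav`. That pattern is unanchored, so oauth2-proxy skips authentication, and with it the `cern_registered` check, for any request path containing that substring. If only the WebDAV endpoint is meant to be exempt, anchor the pattern to that route (for example `Value: "^/_webdav(/|$)"`, a constructed value to adjust to the real path) and confirm the backend authenticates those requests itself. The same applies to the second hunk at -1225; the body of deploymentForDrupalSite starts and ends outside both hunks, so any protection of WebDAV elsewhere is not visible here.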
@@ -1225,6 +1233,14 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st
 					Name:  "OAUTH2_PROXY_SKIP_AUTH_REGEX",
 					Value: "_webdav",
 				},
+				{
+					Name:  "OAUTH2_PROXY_OIDC_GROUPS_CLAIM",
+					Value: "cern_roles",
+				},
+				{
+					Name:  "OAUTH2_PROXY_ALLOWED_GROUPS",
+					Value: "cern_registered",
+				},
 				{
 					Name:  "OAUTH2_PROXY_PROVIDER",
 					Value: "oidc",
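Review bot: The claim name `cern_roles` and the role `cern_registered` are hard-coded as string literals in two separate env lists (here and in the hunk at -1029), so a later edit to one list can silently leave the other with a weaker access policy. Consider package-level constants used in both places, e.g. `const oauth2ProxyGroupsClaim = "cern_roles"` and `const oauth2ProxyAllowedGroup = "cern_registered"`. A comment such as `// cern_registered is the SSO role used to require LoA5; users without it are rejected by oauth2-proxy.` would record the intent stated in the commit subject. The mapping between that role and the assurance level lives in the identity provider and is not visible in this file, so the comment should also point to where it is defined.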
-- 
GitLab