add sap.ids: prefix to admin users

kyma-project · Sep 30, 2024 · c3cf655 · c3cf655
1 parent 95bb5a7
commit c3cf655
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/controllers/cfapi_auth.go b/controllers/cfapi_auth.go
@@ -16,6 +16,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
+const OIDC_USER_PREFIX = "sap.ids:"
+
 func (r *CFAPIReconciler) getUserClusterAdmins(ctx context.Context) ([]rbacv1.Subject, error) {
 	subjects := []rbacv1.Subject{}
 	crblist := &rbacv1.ClusterRoleBindingList{}
@@ -67,6 +69,13 @@ func (r *CFAPIReconciler) assignCfAdministrators(ctx context.Context, subjects [
 		}
 	}
 
+	//add prefix sap.ids: for all user names without prefix
+	for _, subject := range _subjects {
+		if subject.Kind == "User" && !strings.HasPrefix(subject.Name, OIDC_USER_PREFIX) {
+			subject.Name = OIDC_USER_PREFIX + subject.Name
+		}
+	}
+
 	rb := &rbacv1.RoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "cfapi-admins-binding",