Skip to main content
Version: 0.38.0

gitops_check_oidc-config

gitops check oidc-config

Check an OIDC configuration for proper functionality.

Synopsis

This command will send the user through an OIDC authorization code flow using the given OIDC configuration. This is helpful for verifying that a given configuration will work properly with Weave GitOps or for debugging issues. Without any provided flags it will read the configuration from a Secret on the cluster.

NOTE: Make sure to configure your OIDC provider so that it accepts "http://localhost:9876" as redirect URI.

gitops check oidc-config [flags]

Examples


# Check the OIDC configuration stored in the flux-system/oidc-auth Secret
gitops check oidc-config

# Check a different set of scopes
gitops check oidc-config --scopes=openid,groups

# Check a different username cliam
gitops check oidc-config --claim-username=sub

# Check configuration without fetching a Secret from the cluster
gitops check oidc-config --skip-secret --client-id=CID --client-secret=SEC --issuer-url=https://example.org

Options

      --client-id string        OIDC client ID
--client-secret string OIDC client secret
--context string The name of the kubeconfig context to use
--disable-compression If true, opt-out of response compression for all requests to the server
--from-secret string Get OIDC configuration from the given Secret resource (default "oidc-auth")
--groups-claim string ID token claim to use for the groups.
-h, --help help for oidc-config
--issuer-url string OIDC issuer URL
--scopes strings OIDC scopes to request (default [openid,offline_access,email,groups])
--skip-secret Do not read OIDC configuration from a Kubernetes Secret but rely solely on the values from the given flags.
--username-claim string ID token claim to use for the user name.

Options inherited from parent commands

  -e, --endpoint WEAVE_GITOPS_ENTERPRISE_API_URL   The Weave GitOps Enterprise HTTP API endpoint can be set with WEAVE_GITOPS_ENTERPRISE_API_URL environment variable
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string Paths to a kubeconfig. Only required if out-of-cluster.
-n, --namespace string The namespace scope for this operation (default "flux-system")
-p, --password WEAVE_GITOPS_PASSWORD The Weave GitOps Enterprise password for authentication can be set with WEAVE_GITOPS_PASSWORD environment variable
-u, --username WEAVE_GITOPS_USERNAME The Weave GitOps Enterprise username for authentication can be set with WEAVE_GITOPS_USERNAME environment variable

SEE ALSO