WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

Allow to specify arbitrary requiredClaims when authorising a GH repository #2792

New issue
New issue
Open
Feature
Open
Allow to specify arbitrary requiredClaims when authorising a GH repository#2792
Feature
Assignees
halamix2
Labels
kind/enhancement
@kwiatekus

Description

@kwiatekus
kwiatekus
opened on Dec 15, 2025

Description

Allow specifying any arbitrary requiredClaims (key value pairs) when defining an OIDC custom resource as part of kyma alpha authorize repository command, for example

kyma alpha authorize repository --client-id foo --cluster-wide --clusterrole cluster-admin --repository otters/kyma-demo --required-claim ref=refs/heads/main --required-claim workflow=push

Reasons
Cluster administrators may want to restrict access to the cluster based on more oidc token claims (not only the repository)

Attachments

https://docs.github.com/en/actions/concepts/security/openid-connect#understanding-the-oidc-token

Metadata

Metadata

Assignees

Labels

kind/enhancement

Type

Feature

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions