Add Custom Provider for SecureAuth IdP

[markafarrell]

Overview

SecureAuth IdP returns group membership as a comma separated list of strings (e.g. groups: "group-1,group-2") rather than a JSON list.
This custom provider converts this into a JSON list so that the entity is added to the correct groups on login.

Design of Change

The custom GroupFetcher simply splits the GroupClaims field from the token on comma and returns the resultant list of groups

Related Issues/Pull Requests

N/A

Contributor Checklist

[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
My Docs PR Link
Example
[x] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
[x] Backwards compatible

[hashicorp-cla]

All committers have signed the CLA.

[markafarrell]

@austingebauer Is something additional required to have this reviewed? It seems there are a few PRs with no reviews or comments since early 2021.

[austingebauer]

Hi, @markafarrell! Thanks for this contribution and for bringing it to my attention. I'm going to discuss the possibility of getting this merged with my team. The changes in this PR generally look good (interesting that they return the groups in a single string 😄). We'd like to be able to test the plugin using SecureAuth IdP before documenting it along with other tested OIDC providers.

I'll get back to you with an update after having the discussion. Thanks again!

[markafarrell]

Thanks @austingebauer for the prompt response.

I think there are a few other stale PRs that deserve some love. Especially #130

[austingebauer]

Hi @markafarrell - Wanted to give you an update that we were able to get a SecureAuth IdP to test against. Things are looking good! I'm going to submit a review for this shortly to help get it merged. Thanks again for this contribution and the patience.

[austingebauer]

@markafarrell - I tested this out, and everything works as expected. I have a few minor suggestions. We'll merge this once those are addressed.

[markafarrell]

@austingebauer I think I have addressed all your comments. I'm on parental leave from work at the moment so I'm not able to test the changes end-to-end though. Hopefully your setup allows you to do this.

P.S. I'm getting an issue with make bin using go version go1.18.3 linux/amd64

1 errors occurred:
--> darwin/386 error: exit status 2
Stderr: go: unsupported GOOS/GOARCH pair darwin/386

It appears that >= go 1.15 doens't support darwin/386 anymore (https://go.dev/doc/go1.15), however, trying to build the plugin with go version go1.14.15 linux/amd64 I get issues with golang.org/x/net/http2 note: module requires Go 1.17 and github.com/hashicorp/vault/sdk/helper/certutil note: module requires Go 1.16

Disabling the darwin/386 target in scripts/build.sh fixes the issue though.

[austingebauer]

Thanks for the update, @markafarrell! I'll give this another test with my setup today. I'll also take a look into the make/build issues. Will merge if everything looks good 👍

[austingebauer]

I was able to successfully test this again after the recent commits. I'm going to merge it now. I'll have a look at those build issues and may address them in a separate PR.

Thanks again for this contribution, @markafarrell!

[markafarrell]

Thanks for all the help getting this merged @austingebauer !