f110 · f110 · Feb 5, 2025
diff --git a/operator/config/crd/proto.crd.yaml b/operator/config/crd/proto.crd.yaml
@@ -2351,12 +2351,21 @@ spec:
                     required:
                     - name
                     type: object
+                  domain:
+                    type: string
+                  extraScopes:
+                    items:
+                      type: string
+                    type: array
+                  issuer:
+                    type: string
                   provider:
                     type: string
                   redirectUrl:
                     type: string
                 required:
                 - provider
+                - extraScopes
                 type: object
               issuerRef:
                 properties:

diff --git a/.../github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoringv1/generated.proto b/.../github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoringv1/generated.proto
@@ -939,12 +939,12 @@ message RemoteWriteSpec {
 }
 
 message Rule {
-  optional string                                  record      = 1 [(dev.f110.kubeproto.field) = { go_name: "Record", api_field_name: "record", inline: false }];
-  optional string                                  alert       = 2 [(dev.f110.kubeproto.field) = { go_name: "Alert", api_field_name: "alert", inline: false }];
-  .k8s.io.apimachinery.pkg.util.intstr.IntOrString expr        = 3 [(dev.f110.kubeproto.field) = { go_name: "Expr", api_field_name: "expr", inline: false }];
+  optional string                                  record     = 1 [(dev.f110.kubeproto.field) = { go_name: "Record", api_field_name: "record", inline: false }];
+  optional string                                  alert      = 2 [(dev.f110.kubeproto.field) = { go_name: "Alert", api_field_name: "alert", inline: false }];
+  .k8s.io.apimachinery.pkg.util.intstr.IntOrString expr       = 3 [(dev.f110.kubeproto.field) = { go_name: "Expr", api_field_name: "expr", inline: false }];
 optional string for = 4 [(dev.f110.kubeproto.field) = {go_name: "For", api_field_name: "for", inline: false}];
-map<string, string>                                labels      = 5 [(dev.f110.kubeproto.field) = { go_name: "Labels", api_field_name: "labels", inline: false }];
-map<string, string>                                annotations = 6 [(dev.f110.kubeproto.field) = { go_name: "Annotations", api_field_name: "annotations", inline: false }];
+map<string, string>                                labels                                     = 5 [(dev.f110.kubeproto.field) = { go_name: "Labels", api_field_name: "labels", inline: false }];
+map<string, string>                                annotations                                = 6 [(dev.f110.kubeproto.field) = { go_name: "Annotations", api_field_name: "annotations", inline: false }];
 }
 
 message RuleGroup {

diff --git a/pkg/k8s/api/proxyv1alpha2/go_api.generated.object.go b/pkg/k8s/api/proxyv1alpha2/go_api.generated.object.go
@@ -881,6 +881,9 @@ type IdentityProviderSpec struct {
 	ClientId        string          `json:"clientId,omitempty"`
 	ClientSecretRef *SecretSelector `json:"clientSecretRef,omitempty"`
 	RedirectUrl     string          `json:"redirectUrl,omitempty"`
+	Domain          string          `json:"domain,omitempty"`
+	Issuer          string          `json:"issuer,omitempty"`
+	ExtraScopes     []string        `json:"extraScopes"`
 }
 
 func (in *IdentityProviderSpec) DeepCopyInto(out *IdentityProviderSpec) {
@@ -890,6 +893,11 @@ func (in *IdentityProviderSpec) DeepCopyInto(out *IdentityProviderSpec) {
 		*out = new(SecretSelector)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.ExtraScopes != nil {
+		t := make([]string, len(in.ExtraScopes))
+		copy(t, in.ExtraScopes)
+		out.ExtraScopes = t
+	}
 }
 
 func (in *IdentityProviderSpec) DeepCopy() *IdentityProviderSpec {

diff --git a/pkg/k8s/api/proxyv1alpha2/proxy.proto b/pkg/k8s/api/proxyv1alpha2/proxy.proto
@@ -134,6 +134,9 @@ message IdentityProviderSpec {
   optional string         client_id         = 2;
   optional SecretSelector client_secret_ref = 3;
   optional string         redirect_url      = 4;
+  optional string         domain            = 5;
+  optional string         issuer            = 6;
+  repeated string         extra_scopes      = 7;
 }
 
 message SessionSpec {

diff --git a/pkg/k8s/controllers/proxy.go b/pkg/k8s/controllers/proxy.go
@@ -771,8 +771,10 @@ func (r *HeimdallrProxy) ConfigForMain() (*corev1.ConfigMap, error) {
 			Provider:         r.Spec.IdentityProvider.Provider,
 			ClientId:         r.Spec.IdentityProvider.ClientId,
 			ClientSecretFile: fmt.Sprintf("%s/%s", identityProviderSecretPath, r.Spec.IdentityProvider.ClientSecretRef.Key),
-			ExtraScopes:      []string{"email"},
+			ExtraScopes:      append([]string{"email"}, r.Spec.IdentityProvider.ExtraScopes...),
 			RedirectUrl:      r.Spec.IdentityProvider.RedirectUrl,
+			Issuer:           r.Spec.IdentityProvider.Issuer,
+			Domain:           r.Spec.IdentityProvider.Domain,
 		},
 		Datastore: &configv2.Datastore{
 			DatastoreEtcd: &configv2.DatastoreEtcd{