add regex for oidc group matching

[jacksonargo]

Overview

Add a group regex matcher to the OIDC connector config.

What this PR does / why we need it

Sometimes the IDP's can send very long list of groups, not all IDP's support group filters from the IDP side.

Special notes for your reviewer

I tested this in the unit tests, but not sure how to test this in a live environment. and in a live environment, and the filter works as expected.

Does this PR introduce a user-facing change?

It adds a new config field for OIDC: groupsRegex.

ADD groups regex config for oidc connector.

[sagikazarmark]

@jacksonargo thanks for the contribution!

Two thoughts came to my mind:

• People generally want to deny authentication with filters like this. I'm not saying it doesn't make sense, but it can be confusing for some, so we may want to structure config/document this feature to avoid any confusion.
• Would it make sense to support capture groups not just to match, but extract parts of group names?

[jacksonargo]

People generally want to deny authentication with filters like this. I'm not saying it doesn't make sense, but it can be confusing for some, so we may want to structure config/document this feature to avoid any confusion.

Ya, makes sense to me. Would groupsFilter be a better name?

Would it make sense to support capture groups not just to match, but extract parts of group names?

Yes probably! Didn't occur to me at the time.

[st-sidjoshi]

Your thoughts @sagikazarmark ?

[jacksonargo]

Hi @sagikazarmark, I've updated the pr to put the regex filter under the claim mutations config.

How does this look?