NotificationsYou must be signed in to change notification settings
Fork1.1k
Star11.6k

Commit782214b

authored

chore: move organizatinon sync to runtime configuration (#15431)

Moves the configuration from environment to database backed, to allowconfiguring organization sync at runtime.

1 parent7b33ab0 commit782214bCopy full SHA for 782214b

File tree

28 files changed

+882

-279

lines changed

cli/testdata
- coder_server_--help.golden
coderd
- apidoc
  - docs.go
  - swagger.json
- database/dbauthz
  - dbauthz.go
- idpsync
- members.go
- rbac
  - roles.go
  - roles_test.go
- userauth.go
codersdk
- deployment.go
- idpsync.go
docs/reference
- api
  - enterprise.md
  - schemas.md
- cli
  - server.md
enterprise
- cli/testdata
  - coder_server_--help.golden
- coderd
site/src/api
- typesGenerated.ts

28 files changed

+882

-279

lines changed

`‎cli/testdata/coder_server_--help.golden‎`

Lines changed: 0 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -506,11 +506,6 @@ OIDC OPTIONS:`
`506`	`506`	`groups. This filter is applied after the group mapping and before the`
`507`	`507`	`regex filter.`
`508`	`508`
`509`		`- --oidc-organization-assign-default bool, $CODER_OIDC_ORGANIZATION_ASSIGN_DEFAULT (default: true)`
`510`		`- If set to true, users will always be added to the default`
`511`		`- organization. If organization sync is enabled, then the default org is`
`512`		`- always added to the user's set of expectedorganizations.`
`513`		`-`
`514`	`509`	`--oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"})`
`515`	`510`	`OIDC auth URL parameters to pass to the upstream provider.`
`516`	`511`
`@@ -557,14 +552,6 @@ OIDC OPTIONS:`
`557`	`552`	`--oidc-name-field string, $CODER_OIDC_NAME_FIELD (default: name)`
`558`	`553`	`OIDC claim field to use as the name.`
`559`	`554`
`560`		`- --oidc-organization-field string, $CODER_OIDC_ORGANIZATION_FIELD`
`561`		`- This field must be set if using the organization sync feature. Set to`
`562`		`- the claim to be used for organizations.`
`563`		`-`
`564`		`- --oidc-organization-mapping struct[map[string][]uuid.UUID], $CODER_OIDC_ORGANIZATION_MAPPING (default: {})`
`565`		`- A map of OIDC claims and the organizations in Coder it should map to.`
`566`		`- This is required because organization IDs must be used within Coder.`
`567`		`-`
`568`	`555`	`--oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*)`
`569`	`556`	`If provided any group name not matching the regex is ignored. This`
`570`	`557`	`allows for filtering out groups that are not needed. This filter is`

`‎coderd/apidoc/docs.go‎`

Lines changed: 109 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json‎`

Lines changed: 95 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbauthz/dbauthz.go‎`

Lines changed: 2 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,9 +33,8 @@ var _ database.Store = (*querier)(nil)`
`33`	`33`
`34`	`34`	`constwrapname="dbauthz.querier"`
`35`	`35`
`36`		`-// NoActorError wraps ErrNoRows for the api to return a 404. This is the correct`
`37`		`-// response when the user is not authorized.`
`38`		`-varNoActorError=xerrors.Errorf("no authorization actor in context: %w",sql.ErrNoRows)`
	`36`	`+// NoActorError is returned if no actor is present in the context.`
	`37`	`+varNoActorError=xerrors.Errorf("no authorization actor in context")`
`39`	`38`
`40`	`39`	`// NotAuthorizedError is a sentinel error that unwraps to sql.ErrNoRows.`
`41`	`40`	`// This allows the internal error to be read by the caller if needed. Otherwise`

`‎coderd/idpsync/group.go‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,12 +20,12 @@ import (`
`20`	`20`	`)`
`21`	`21`
`22`	`22`	`typeGroupParamsstruct {`
`23`		`-//SyncEnabled if false will skip syncing the user's groups`
`24`		`-SyncEnabledbool`
	`23`	`+//SyncEntitled if false will skip syncing the user's groups`
	`24`	`+SyncEntitledbool`
`25`	`25`	`MergedClaims jwt.MapClaims`
`26`	`26`	`}`
`27`	`27`
`28`		`-func (AGPLIDPSync)GroupSyncEnabled()bool {`
	`28`	`+func (AGPLIDPSync)GroupSyncEntitled()bool {`
`29`	`29`	`// AGPL does not support syncing groups.`
`30`	`30`	`returnfalse`
`31`	`31`	`}`
`@@ -73,13 +73,13 @@ func (s AGPLIDPSync) GroupSyncSettings(ctx context.Context, orgID uuid.UUID, db`
`73`	`73`
`74`	`74`	`func (sAGPLIDPSync)ParseGroupClaims(_ context.Context,_ jwt.MapClaims) (GroupParams,*HTTPError) {`
`75`	`75`	`returnGroupParams{`
`76`		`-SyncEnabled:s.GroupSyncEnabled(),`
	`76`	`+SyncEntitled:s.GroupSyncEntitled(),`
`77`	`77`	`},nil`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`func (sAGPLIDPSync)SyncGroups(ctx context.Context,db database.Store,user database.User,paramsGroupParams)error {`
`81`	`81`	`// Nothing happens if sync is not enabled`
`82`		`-if!params.SyncEnabled {`
	`82`	`+if!params.SyncEntitled {`
`83`	`83`	`returnnil`
`84`	`84`	`}`
`85`	`85`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit782214b

File tree

28 files changed

28 files changed

`‎cli/testdata/coder_server_--help.golden‎`

`‎coderd/apidoc/docs.go‎`

`‎coderd/apidoc/swagger.json‎`

`‎coderd/database/dbauthz/dbauthz.go‎`

`‎coderd/idpsync/group.go‎`

0 commit comments