Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

chore: implement organization sync and create idpsync package#14432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Emyrk merged 23 commits intomainfromstevenmasley/organization_sync
Aug 30, 2024

Conversation

Emyrk
Copy link
Member

@EmyrkEmyrk commentedAug 26, 2024
edited
Loading

What this does

Adds organization sync as a feature configurable at startup. This means a deployment can now be configured to allow a user to belong to 0 organizations on login if configured to do so. The default behavior is unchanged if no settings are touched.

This features allows auto assigning users into an organization based on their IDP claims. At present, an org mapping is required, so not mapped by organization name. Might be an improvement to allow org names in the future. TBD.

This is MVP and unreleased at this time.

Closes#14350

Refactor

I moved all this code into anidpsync package. I intend to move role and group sync into this package.

Future work

  • Allow configuring at runtime instead (chicken and egg as orgs have to exist)
  • The current config is a bit of a stop gap solution.

@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch froma8c89a4 to565e8aeCompareAugust 26, 2024 20:32
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch from7521495 to14a4c70CompareAugust 28, 2024 14:36
@EmyrkEmyrk changed the base branch frommain tostevenmasley/organizations_queryAugust 28, 2024 14:36
@EmyrkGraphite App
Copy link
MemberAuthor

Emyrk commentedAug 28, 2024
edited
Loading

@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch from14a4c70 to60e0532CompareAugust 28, 2024 14:39
@EmyrkEmyrk changed the base branch fromstevenmasley/organizations_query tomainAugust 28, 2024 14:41
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch from60e0532 toaab3940CompareAugust 28, 2024 14:41
@EmyrkEmyrk changed the base branch frommain tostevenmasley/slice_uniqueAugust 28, 2024 14:41
@EmyrkEmyrkforce-pushed thestevenmasley/slice_unique branch from1cc418c to0a49b38CompareAugust 28, 2024 14:44
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch fromaab3940 tofe8d255CompareAugust 28, 2024 14:44
@EmyrkEmyrkforce-pushed thestevenmasley/slice_unique branch from0a49b38 to369b2dcCompareAugust 28, 2024 16:22
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch fromac21ab3 tobfe6835CompareAugust 28, 2024 16:22
@EmyrkEmyrkforce-pushed thestevenmasley/slice_unique branch from369b2dc to2d5e40dCompareAugust 28, 2024 16:29
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch frombfe6835 to3ead016CompareAugust 28, 2024 16:29
@EmyrkEmyrk marked this pull request as ready for reviewAugust 28, 2024 17:10
@EmyrkEmyrk requested a review fromf0sselAugust 28, 2024 17:11
@EmyrkEmyrkforce-pushed thestevenmasley/slice_unique branch from2d5e40d to028476dCompareAugust 28, 2024 18:24
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch from1c9a08c to1714e5bCompareAugust 28, 2024 18:25
Copy link
Contributor

@f0sself0ssel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Pretty much all nits, structurally it all looks good. Some repeated code that could use cleanup, in a later pass.

This field must be set if using the organization sync feature. Set to
the claim to be used for organizations.

--oidc-organization-mapping struct[map[string][]uuid.UUID], $CODER_OIDC_ORGANIZATION_MAPPING (default: {})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

nit: Is it possible for this to be justmap[string][]uuid.UUID?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Can you explain why we need this instead of solely relying on the--oidc-organization-field? Orgs are uniquely named right?

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

We have to use the typeserpent.Struct[map[string][]uuid.UUID] to be compatible with all parsing.

Can you explain why we need this instead of solely relying on the --oidc-organization-field? Orgs are uniquely named right?

I could use names, but that assumes the IDP will use Coder organization names in their claims, which we've found with groups that this almost never the case.

}
}

// Keep track of which claims are not mapped for debugging purposes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

👍

t.Parallel()

if dbtestutil.WillUsePostgres() {
t.Skip("Skipping test because it populates a lot of db entries, which is slow on postgres")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I think this is OK since we aren't introducing new tables or columns and using existing (and well tested) data structures. 👍

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Yea, I've done this a few times now when I need to populate a lot of data. Essentially, this test is not designed to test the database, but test the logic in the sync method. There is little upside to making this a full SQL db imo.

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Especially since this is in theenidpsync package. I use a real DB in thecoderd/userauth_test.go file.

@EmyrkEmyrkforce-pushed thestevenmasley/slice_unique branch from028476d to6889229CompareAugust 28, 2024 19:34
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch from1714e5b to6695e64CompareAugust 28, 2024 19:34
@EmyrkEmyrk changed the base branch fromstevenmasley/slice_unique tographite-base/14432August 29, 2024 02:06
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch from4e3ea79 toa67ab22CompareAugust 29, 2024 02:07
@EmyrkEmyrk changed the base branch fromgraphite-base/14432 tomainAugust 29, 2024 02:08
IDP sync code should be refactored to be contained in it's ownpackage. This will make it easier to maintain and test movingforward.
@EmyrkEmyrkforce-pushed thestevenmasley/organization_sync branch froma67ab22 to3516008CompareAugust 29, 2024 14:07
@EmyrkEmyrk merged commit10c958b intomainAug 30, 2024
30 of 32 checks passed
@EmyrkEmyrk deleted the stevenmasley/organization_sync branchAugust 30, 2024 16:19
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsAug 30, 2024
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Reviewers

@f0sself0sself0ssel approved these changes

Assignees

@EmyrkEmyrk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Organization Sync to map OIDC claims -> organization members
2 participants
@Emyrk@f0ssel
[8]ページ先頭
©2009-2025 Movatter.jp