- Notifications
You must be signed in to change notification settings - Fork928
chore: support multi-org group sync with runtime configuration#14578
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes from1 commit
Commits
Show all changes
38 commits Select commitHold shift + click to select a range
99c97c2 wip
Emyrkbfddeb6 begin group sync main work
Emyrkf2857c6 initial implementation of group sync
Emyrk791a059 work on moving to the manager
Emyrk4326e9d fixup compile issues
Emyrk6d3ed2e fixup some tests
Emyrk0803619 handle allow list
Emyrk596e7b4 WIP unit test for group sync
Emyrkb9476ac fixup tests, account for existing groups
Emyrkee8e4e4 fix compile issues
Emyrkd5ff0f7 add comment for test helper
Emyrk86c0f6f handle legacy params
Emyrk2f03e18 make gen
Emyrkec8092d cleanup
Emyrkd63727d add unit test for legacy behavior
Emyrk2a1769c work on batching removal by name or id
Emyrk640e86e group sync adjustments
Emyrkc544a29 test legacy params
Emyrk476be45 add unit test for ApplyGroupDifference
Emyrk164aeac chore: remove old group sync code
Emyrk986498d switch oidc test config to deployment values
Emyrk290cfa5 fix err name
Emyrkc563b10 some linting cleanup
Emyrkd2c247f dbauthz test for new query
Emyrk12685bd fixup comments
Emyrkbf0d4ed fixup compile issues from rebase
Emyrkf95128e add test for disabled sync
Emyrk88b0ad9 linting
Emyrk6491f6a chore: handle db conflicts gracefully
Emyrkbd23288 test expected group equality
Emyrka390ec4 cleanup comments
Emyrka0a1c53 spelling mistake
Emyrka86ba83 linting:
Emyrk0df7f28 add interface method to allow api crud
Emyrk7a802a9 Remove testable example
Emyrk611f1e3 fix formatting of sql, add a comment
Emyrk7f28a53 remove function only used in 1 place
Emyrk41994d2 make fmt
EmyrkFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
handle allow list
- Loading branch information
Uh oh!
There was an error while loading.Please reload this page.
commit0803619e8c65eb1bb584abae3137e403bf07f8fe
There are no files selected for viewing
6 changes: 1 addition & 5 deletionscoderd/coderd.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
8 changes: 8 additions & 0 deletionscoderd/idpsync/group.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
23 changes: 23 additions & 0 deletionscoderd/idpsync/idpsync.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -63,6 +63,29 @@ type DeploymentSyncSettings struct { | ||
| // placed into the default organization. This is mostly a hack to support | ||
| // legacy deployments. | ||
| OrganizationAssignDefault bool | ||
| // GroupField at the deployment level is used for deployment level group claim | ||
| // settings. | ||
| GroupField string | ||
| // GroupAllowList (if set) will restrict authentication to only users who | ||
| // have at least one group in this list. | ||
| // A map representation is used for easier lookup. | ||
| GroupAllowList map[string]struct{} | ||
Comment on lines +71 to +75 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. At some point we should disconnect these from the default org. Might need to move the existing config env and flags, and deprecate the old. | ||
| } | ||
| func FromDeploymentValues(dv *codersdk.DeploymentValues) DeploymentSyncSettings { | ||
| if dv == nil { | ||
| panic("Developer error: DeploymentValues should not be nil") | ||
| } | ||
| return DeploymentSyncSettings{ | ||
| OrganizationField: dv.OIDC.OrganizationField.Value(), | ||
| OrganizationMapping: dv.OIDC.OrganizationMapping.Value, | ||
| OrganizationAssignDefault: dv.OIDC.OrganizationAssignDefault.Value(), | ||
| GroupField: dv.OIDC.GroupField.Value(), | ||
| GroupAllowList: ConvertAllowList(dv.OIDC.GroupAllowList.Value()), | ||
| } | ||
| } | ||
| type SyncSettings struct { | ||
2 changes: 1 addition & 1 deletioncoderd/userauth.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
6 changes: 1 addition & 5 deletionsenterprise/coderd/coderd.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
42 changes: 41 additions & 1 deletionenterprise/coderd/enidpsync/groups.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletionsenterprise/coderd/enidpsync/groups_test.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| package enidpsync_test | ||
| import ( | ||
| "testing" | ||
| "github.com/golang-jwt/jwt/v4" | ||
| "github.com/stretchr/testify/require" | ||
| "cdr.dev/slog/sloggers/slogtest" | ||
| "github.com/coder/coder/v2/coderd/entitlements" | ||
| "github.com/coder/coder/v2/coderd/idpsync" | ||
| "github.com/coder/coder/v2/coderd/runtimeconfig" | ||
| "github.com/coder/coder/v2/enterprise/coderd/enidpsync" | ||
| "github.com/coder/coder/v2/testutil" | ||
| ) | ||
| func TestEnterpriseParseGroupClaims(t *testing.T) { | ||
| t.Parallel() | ||
| t.Run("NoEntitlements", func(t *testing.T) { | ||
| t.Parallel() | ||
| s := enidpsync.NewSync(slogtest.Make(t, &slogtest.Options{}), | ||
| runtimeconfig.NewNoopManager(), | ||
| entitlements.New(), | ||
| idpsync.DeploymentSyncSettings{}) | ||
| ctx := testutil.Context(t, testutil.WaitMedium) | ||
| params, err := s.ParseGroupClaims(ctx, jwt.MapClaims{}) | ||
| require.Nil(t, err) | ||
| require.False(t, params.SyncEnabled) | ||
| }) | ||
| } |
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.