
Commit 496138b

feat: assign users to groups returned by OIDC provider (#5965)
1 parent 026b1cd commit 496138b


11 files changed

+471
-127
lines changed


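--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -115,6 +115,7 @@ type Options struct {
 DERPServer *derp.Server
 DERPMap *tailcfg.DERPMap
 SwaggerEndpoint bool
+SetUserGroups func(ctx context.Context, tx database.Store, userID uuid.UUID, groupNames []string) error
 
 // APIRateLimit is the minutely throughput rate limit per user or ip.
 // Setting a rate limit <0 will disable the rate limiter across the entire
@@ -202,6 +203,9 @@ func New(options *Options) *API {
 if options.Auditor == nil {
 options.Auditor = audit.NewNop()
 }
+if options.SetUserGroups == nil {
+options.SetUserGroups = func(context.Context, database.Store, uuid.UUID, []string) error { return nil }
+}
 
 siteCacheDir := options.CacheDir
 if siteCacheDir != "" {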
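Review bot: The new `SetUserGroups` field in `Options` has no doc comment, and the nil default added in `New` makes it a silent no-op, so nothing on the visible lines tells a caller when groups reported by the OIDC provider are actually applied. Group membership is an authorization input, so I would document the contract on the field, e.g. `// SetUserGroups assigns the user to the named groups inside tx; the default set in New is a no-op, so group claims are ignored unless an implementation is supplied.` The comment should also say whether a call replaces existing membership or only adds to it, which these hunks do not show. Both `Options` and `New` continue outside the hunks.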

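--- a/coderd/database/databasefake/databasefake.go
+++ b/coderd/database/databasefake/databasefake.go
@@ -3528,6 +3528,50 @@ func (q *fakeQuerier) DeleteGroupMemberFromGroup(_ context.Context, arg database
 return nil
 }
 
+func (q *fakeQuerier) InsertUserGroupsByName(_ context.Context, arg database.InsertUserGroupsByNameParams) error {
+q.mutex.Lock()
+defer q.mutex.Unlock()
+
+var groupIDs []uuid.UUID
+for _, group := range q.groups {
+for _, groupName := range arg.GroupNames {
+if group.Name == groupName {
+groupIDs = append(groupIDs, group.ID)
+}
+}
+}
+
+for _, groupID := range groupIDs {
+q.groupMembers = append(q.groupMembers, database.GroupMember{
+UserID: arg.UserID,
+GroupID: groupID,
+})
+}
+
+return nil
+}
+
+func (q *fakeQuerier) DeleteGroupMembersByOrgAndUser(_ context.Context, arg database.DeleteGroupMembersByOrgAndUserParams) error {
+q.mutex.Lock()
+defer q.mutex.Unlock()
+
+newMembers := q.groupMembers[:0]
+for _, member := range q.groupMembers {
+if member.UserID == arg.UserID {
+for _, group := range q.groups {
+if group.ID == member.GroupID && group.OrganizationID == arg.OrganizationID {
+continue
+}
+
+newMembers = append(newMembers, member)
+}
+}
+}
+q.groupMembers = newMembers
+
+return nil
+}
+
 func (q *fakeQuerier) UpdateGroupByID(_ context.Context, arg database.UpdateGroupByIDParams) (database.Group, error) {
 if err := validateDatabaseType(arg); err != nil {
 return database.Group{}, err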
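Review bot: `DeleteGroupMembersByOrgAndUser` does not remove what its name says: the `append` sits inside the `if member.UserID == arg.UserID` branch, so every other user's membership is dropped from `q.groupMembers`, while the `continue` only skips one iteration of the inner `q.groups` loop, so the targeted member is re-appended once for each non-matching group. Because `newMembers` aliases `q.groupMembers[:0]`, those extra appends can also overwrite entries the outer loop has not read yet. Tests running against this fake could therefore pass while stale group membership is never revoked, which matters for a change that derives authorization from OIDC group claims. The rewrite below collects the organization's group IDs first and then filters the member list in a single pass. Separately, `InsertUserGroupsByName` matches on `group.Name` alone and may need organization scoping if its params carry an organization ID, which the hunk does not show.

```go
func (q *fakeQuerier) DeleteGroupMembersByOrgAndUser(_ context.Context, arg database.DeleteGroupMembersByOrgAndUserParams) error {
	// … unchanged: q.mutex lock / deferred unlock …

	// IDs of the groups that belong to the organization being cleared.
	orgGroups := make(map[uuid.UUID]struct{})
	for _, group := range q.groups {
		if group.OrganizationID == arg.OrganizationID {
			orgGroups[group.ID] = struct{}{}
		}
	}

	newMembers := q.groupMembers[:0]
	for _, member := range q.groupMembers {
		if _, inOrg := orgGroups[member.GroupID]; inOrg && member.UserID == arg.UserID {
			continue // drop only this user's memberships in this organization
		}
		newMembers = append(newMembers, member)
	}
	q.groupMembers = newMembers

	return nil
}
```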

coderd/database/querier.go

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

Lines changed: 133 additions & 79 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
