
Commit fe8d255

move the config into api options
1 parent 6077b02 commit fe8d255


7 files changed

+49
-26
lines changed


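--- a/cli/server.go
+++ b/cli/server.go
@@ -56,7 +56,6 @@ import (
 "cdr.dev/slog"
 "cdr.dev/slog/sloggers/sloghuman"
 "github.com/coder/coder/v2/coderd/entitlements"
-"github.com/coder/coder/v2/coderd/idpsync"
 "github.com/coder/pretty"
 "github.com/coder/quartz"
 "github.com/coder/retry"
@@ -199,11 +198,6 @@ func createOIDCConfig(ctx context.Context, logger slog.Logger, set *entitlements
 SignupsDisabledText: vals.OIDC.SignupsDisabledText.String(),
 IconURL: vals.OIDC.IconURL.String(),
 IgnoreEmailVerified: vals.OIDC.IgnoreEmailVerified.Value(),
-IDPSync: idpsync.NewSync(logger, set, idpsync.SyncSettings{
-OrganizationField: vals.OIDC.OrganizationField.Value(),
-OrganizationMapping: vals.OIDC.OrganizationMapping.Value,
-OrganizationAssignDefault: vals.OIDC.OrganizationAssignDefault.Value(),
-}),
 }, nil
 }
 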
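--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -38,6 +38,7 @@ import (
 
 "cdr.dev/slog"
 "github.com/coder/coder/v2/coderd/entitlements"
+"github.com/coder/coder/v2/coderd/idpsync"
 "github.com/coder/quartz"
 "github.com/coder/serpent"
 
@@ -243,6 +244,9 @@ type Options struct {
 WorkspaceUsageTracker *workspacestats.UsageTracker
 // NotificationsEnqueuer handles enqueueing notifications for delivery by SMTP, webhook, etc.
 NotificationsEnqueuer notifications.Enqueuer
+
+// IDPSync holds all configured values for syncing external IDP users into Coder.
+IDPSync idpsync.IDPSync
 }
 
 // @title Coder API
@@ -270,6 +274,13 @@ func New(options *Options) *API {
 if options.Entitlements == nil {
 options.Entitlements = entitlements.New()
 }
+if options.IDPSync == nil {
+options.IDPSync = idpsync.NewAGPLSync(options.Logger, idpsync.SyncSettings{
+OrganizationField: options.DeploymentValues.OIDC.OrganizationField.Value(),
+OrganizationMapping: options.DeploymentValues.OIDC.OrganizationMapping.Value,
+OrganizationAssignDefault: options.DeploymentValues.OIDC.OrganizationAssignDefault.Value(),
+})
+}
 if options.NewTicker == nil {
 options.NewTicker = func(duration time.Duration) (tick <-chan time.Time, done func()) {
 ticker := time.NewTicker(duration)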
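--- a/coderd/idpsync/idpsync.go
+++ b/coderd/idpsync/idpsync.go
@@ -11,22 +11,11 @@ import (
 
 "cdr.dev/slog"
 "github.com/coder/coder/v2/coderd/database"
-"github.com/coder/coder/v2/coderd/entitlements"
 "github.com/coder/coder/v2/coderd/httpapi"
 "github.com/coder/coder/v2/codersdk"
 "github.com/coder/coder/v2/site"
 )
 
-// NewSync is a factory function for creating an IDP sync object.
-// Due to the way we instantiate Coder, there is no way for the enterprise
-// cli wrapper to pass in the enterprise IDP sync object.
-// So instead, if the code is compiled with the enterprise logic, it will
-// override this function to return the enterprise IDP sync object.
-// For unit testing, the callers can specifically choose which "NewSync" to use.
-var NewSync = func(logger slog.Logger, set *entitlements.Set, settings SyncSettings) IDPSync {
-return NewAGPLSync(logger, set, settings)
-}
-
 type IDPSync interface {
 // ParseOrganizationClaims takes claims from an OIDC provider, and returns the
 // organization sync params for assigning users into organizations.
@@ -57,7 +46,7 @@ type SyncSettings struct {
 OrganizationAssignDefault bool
 }
 
-func NewAGPLSync(logger slog.Logger, _ *entitlements.Set, settings SyncSettings) *AGPLIDPSync {
+func NewAGPLSync(logger slog.Logger, settings SyncSettings) *AGPLIDPSync {
 return &AGPLIDPSync{
 Logger: logger.Named("idp-sync"),
 SyncSettings: settings,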
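--- a/coderd/idpsync/organization.go
+++ b/coderd/idpsync/organization.go
@@ -16,7 +16,7 @@ import (
 "github.com/coder/coder/v2/coderd/util/slice"
 )
 
-func (s AGPLIDPSync) ParseOrganizationClaims(ctx context.Context, _ jwt.MapClaims) (OrganizationParams, *HTTPError) {
+func (s AGPLIDPSync) ParseOrganizationClaims(_ context.Context, _ jwt.MapClaims) (OrganizationParams, *HTTPError) {
 // For AGPL we only sync the default organization.
 return OrganizationParams{
 SyncEnabled: false,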
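--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -742,9 +742,6 @@ type OIDCConfig struct {
 // support the userinfo endpoint, or if the userinfo endpoint causes
 // undesirable behavior.
 IgnoreUserInfo bool
-// IDPSync contains all the configuration for syncing user information
-// from the external IDP.
-IDPSync idpsync.IDPSync
 
 // TODO: Move all idp fields into the IDPSync struct
 // GroupField selects the claim field to be used as the created user's
@@ -1030,7 +1027,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 return
 }
 
-orgSync, orgSyncErr := api.OIDCConfig.IDPSync.ParseOrganizationClaims(ctx, mergedClaims)
+orgSync, orgSyncErr := api.IDPSync.ParseOrganizationClaims(ctx, mergedClaims)
 if orgSyncErr != nil {
 orgSyncErr.Write(rw, r)
 return
@@ -1491,9 +1488,7 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 }
 }
 
-// Only OIDC really supports syncing like this. At some point, we might
-// want to move this configuration and allow github to allow do org syncing.
-err = api.OIDCConfig.IDPSync.SyncOrganizations(ctx, tx, user, params.OrganizationSync)
+err = api.IDPSync.SyncOrganizations(ctx, tx, user, params.OrganizationSync)
 if err != nil {
 return xerrors.Errorf("sync organizations: %w", err)
 }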
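--- a/codersdk/deployment.go
+++ b/codersdk/deployment.go
@@ -1545,6 +1545,31 @@ when required by your organization's security policy.`,
 Group: &deploymentGroupOIDC,
 YAML: "ignoreUserInfo",
 },
+{
+Name: "OIDC Organization Field",
+Description: "This field must be set if using the organization sync feature." +
+" Set to the claim to be used for organizations.",
+Flag: "oidc-organization-field",
+Env: "CODER_OIDC_ORGANIZATION_FIELD",
+// Empty value means sync is disabled
+Default: "",
+Value: &c.OIDC.OrganizationField,
+Group: &deploymentGroupOIDC,
+YAML: "organizationField",
+},
+{
+Name: "OIDC Assign Default Organization",
+Description: "If set to true, users will always be added to the default organization. " +
+"If organization sync is enabled, then the default org is always added to the user's set of expected" +
+"organizations.",
+Flag: "oidc-organization-assign-default",
+Env: "CODER_OIDC_ORGANIZATION_ASSIGN_DEFAULT",
+// Single org deployments should always have this enabled.
+Default: "true",
+Value: &c.OIDC.OrganizationAssignDefault,
+Group: &deploymentGroupOIDC,
+YAML: "organizationAssignDefault",
+},
 {
 Name: "OIDC Group Field",
 Description: "This field must be set if using the group sync feature and the scope name is not 'groups'. Set to the claim to be used for groups.",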
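--- a/enterprise/coderd/coderd.go
+++ b/enterprise/coderd/coderd.go
@@ -16,8 +16,10 @@ import (
 "github.com/coder/coder/v2/coderd/appearance"
 "github.com/coder/coder/v2/coderd/database"
 "github.com/coder/coder/v2/coderd/entitlements"
+"github.com/coder/coder/v2/coderd/idpsync"
 agplportsharing "github.com/coder/coder/v2/coderd/portsharing"
 "github.com/coder/coder/v2/coderd/rbac/policy"
+"github.com/coder/coder/v2/enterprise/coderd/enidpsync"
 "github.com/coder/coder/v2/enterprise/coderd/portsharing"
 
 "golang.org/x/xerrors"
@@ -78,6 +80,13 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
 if options.Entitlements == nil {
 options.Entitlements = entitlements.New()
 }
+if options.IDPSync == nil {
+options.IDPSync = enidpsync.NewSync(options.Logger, options.Entitlements, idpsync.SyncSettings{
+OrganizationField: options.DeploymentValues.OIDC.OrganizationField.Value(),
+OrganizationMapping: options.DeploymentValues.OIDC.OrganizationMapping.Value,
+OrganizationAssignDefault: options.DeploymentValues.OIDC.OrganizationAssignDefault.Value(),
+})
+}
 
 ctx, cancelFunc := context.WithCancel(ctx)
 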
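Review bot: The `idpsync.SyncSettings` literal at new lines 84–88 duplicates, field for field, the one this commit adds to `coderd.New` in coderd/coderd.go; because these settings decide which organizations an authenticated user is placed in, a setting added later to one site and not the other would make the AGPL and enterprise paths diverge silently. Suggest a single constructor in the idpsync package, e.g. a `SettingsFromDeploymentValues` helper that reads the three `OIDC` values, and call it from both sites: `options.IDPSync = enidpsync.NewSync(options.Logger, options.Entitlements, idpsync.SettingsFromDeploymentValues(options.DeploymentValues))`. As in the AGPL path, `options.DeploymentValues` is dereferenced here with no visible nil check; the earlier part of New is outside the hunk, so confirm it is guaranteed non-nil by this point or return an error instead of panicking.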