handle legacy params

Emyrk · Emyrk · commit 411c7d934c95 · 2024-09-05T14:41:42.000-05:00
diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go
diff --git a/coderd/database/queries/groups.sql b/coderd/database/queries/groups.sql
@@ -53,7 +53,7 @@ WHERE
 				ELSE true
 		END
 		AND CASE WHEN array_length(@group_names :: text[], 1) > 0  THEN
-			name = ANY(@group_names)
+					 groups.name = ANY(@group_names)
 			ELSE true
 		END
 ;
diff --git a/coderd/idpsync/group.go b/coderd/idpsync/group.go
@@ -39,6 +39,18 @@ func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user dat
 		return nil
 	}
 
+	// Only care about the default org for deployment settings if the
+	// legacy deployment settings exist.
+	defaultOrgID := uuid.Nil
+	// Default organization is configured via legacy deployment values
+	if s.DeploymentSyncSettings.Legacy.GroupField != "" {
+		defaultOrganization, err := db.GetDefaultOrganization(ctx)
+		if err != nil {
+			return xerrors.Errorf("get default organization: %w", err)
+		}
+		defaultOrgID = defaultOrganization.ID
+	}
+
 	// nolint:gocritic // all syncing is done as a system user
 	ctx = dbauthz.AsSystemRestricted(ctx)
 
@@ -66,6 +78,16 @@ func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user dat
 				return xerrors.Errorf("resolve group sync settings: %w", err)
 			}
 			orgSettings[orgID] = *settings
+
+			// Legacy deployment settings will override empty settings.
+			if orgID == defaultOrgID && settings.GroupField == "" {
+				settings = &GroupSyncSettings{
+					GroupField:              s.Legacy.GroupField,
+					LegacyGroupNameMapping:  s.Legacy.GroupMapping,
+					RegexFilter:             s.Legacy.GroupFilter,
+					AutoCreateMissingGroups: s.Legacy.CreateMissingGroups,
+				}
+			}
 		}
 
 		// collect all diffs to do 1 sql update for all orgs
@@ -175,6 +197,12 @@ type GroupSyncSettings struct {
 	GroupMapping            map[string][]uuid.UUID `json:"mapping"`
 	RegexFilter             *regexp.Regexp         `json:"regex_filter"`
 	AutoCreateMissingGroups bool                   `json:"auto_create_missing_groups"`
+	// LegacyGroupNameMapping is deprecated. It remaps an IDP group name to
+	// a Coder group name. Since configuration is now done at runtime,
+	// group IDs are used to account for group renames.
+	// For legacy configurations, this config option has to remain.
+	// Deprecated: Use GroupMapping instead.
+	LegacyGroupNameMapping map[string]string
 }
 
 func (s *GroupSyncSettings) Set(v string) error {
@@ -232,6 +260,12 @@ func (s GroupSyncSettings) ParseClaims(mergedClaims jwt.MapClaims) ([]ExpectedGr
 			}
 			continue
 		}
+
+		mappedGroupName, ok := s.LegacyGroupNameMapping[group]
+		if ok {
+			groups = append(groups, ExpectedGroup{GroupName: &mappedGroupName})
+			continue
+		}
 		group := group
 		groups = append(groups, ExpectedGroup{GroupName: &group})
 	}
diff --git a/coderd/idpsync/idpsync.go b/coderd/idpsync/idpsync.go
@@ -3,6 +3,7 @@ package idpsync
 import (
 	"context"
 	"net/http"
+	"regexp"
 	"strings"
 
 	"github.com/golang-jwt/jwt/v4"
@@ -69,6 +70,15 @@ type DeploymentSyncSettings struct {
 	// have at least one group in this list.
 	// A map representation is used for easier lookup.
 	GroupAllowList map[string]struct{}
+	// Legacy deployment settings that only apply to the default org.
+	Legacy DefaultOrgLegacySettings
+}
+
+type DefaultOrgLegacySettings struct {
+	GroupField          string
+	GroupMapping        map[string]string
+	GroupFilter         *regexp.Regexp
+	CreateMissingGroups bool
 }
 
 func FromDeploymentValues(dv *codersdk.DeploymentValues) DeploymentSyncSettings {
@@ -80,8 +90,15 @@ func FromDeploymentValues(dv *codersdk.DeploymentValues) DeploymentSyncSettings
 		OrganizationMapping:       dv.OIDC.OrganizationMapping.Value,
 		OrganizationAssignDefault: dv.OIDC.OrganizationAssignDefault.Value(),
 
+		// TODO: Separate group field for allow list from default org
 		GroupField:     dv.OIDC.GroupField.Value(),
 		GroupAllowList: ConvertAllowList(dv.OIDC.GroupAllowList.Value()),
+		Legacy: DefaultOrgLegacySettings{
+			GroupField:          dv.OIDC.GroupField.Value(),
+			GroupMapping:        dv.OIDC.GroupMapping.Value,
+			GroupFilter:         dv.OIDC.GroupRegexFilter.Value(),
+			CreateMissingGroups: dv.OIDC.GroupAutoCreate.Value(),
+		},
 	}
 
 }
@@ -90,13 +107,6 @@ type SyncSettings struct {
 	DeploymentSyncSettings
 
 	Group runtimeconfig.RuntimeEntry[*GroupSyncSettings]
-
-	//// Group options here are set by the deployment config and only apply to
-	//// the default organization.
-	//GroupField          string
-	//CreateMissingGroups bool
-	//GroupMapping        map[string]string
-	//GroupFilter         *regexp.Regexp
 }
 
 func NewAGPLSync(logger slog.Logger, manager runtimeconfig.Manager, settings DeploymentSyncSettings) *AGPLIDPSync {

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ WHERE`
`53`	`53`	`ELSE true`
`54`	`54`	`END`
`55`	`55`	`AND CASE WHEN array_length(@group_names :: text[], 1) > 0 THEN`
`56`		`- name = ANY(@group_names)`
	`56`	`+ groups.name = ANY(@group_names)`
`57`	`57`	`ELSE true`
`58`	`58`	`END`
`59`	`59`	`;`