
Commit 4686ddb

coadlerpull[bot]
authored andcommitted
feat: assign users to groups returned by OIDC provider (#5965)
1 parent c86634e commit 4686ddb


11 files changed

+471
-127
lines changed


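--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -115,6 +115,7 @@ type Options struct {
 DERPServer *derp.Server
 DERPMap *tailcfg.DERPMap
 SwaggerEndpoint bool
+SetUserGroups func(ctx context.Context, tx database.Store, userID uuid.UUID, groupNames []string) error
 
 // APIRateLimit is the minutely throughput rate limit per user or ip.
 // Setting a rate limit <0 will disable the rate limiter across the entire
@@ -202,6 +203,9 @@ func New(options *Options) *API {
 if options.Auditor == nil {
 options.Auditor = audit.NewNop()
 }
+if options.SetUserGroups == nil {
+options.SetUserGroups = func(context.Context, database.Store, uuid.UUID, []string) error { return nil }
+}
 
 siteCacheDir := options.CacheDir
 if siteCacheDir != "" {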
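Review bot: The new `SetUserGroups` field in `Options` carries no doc comment, and the fallback installed in `New` returns nil without doing anything, so when no implementation is wired in, the group names passed to the hook are discarded with no error and no log line. Group membership presumably feeds authorization decisions, so the contract is worth stating on the field, for example `// SetUserGroups assigns userID to the groups named in groupNames using tx. groupNames originate from the OIDC provider; New installs a no-op when this is nil.` A short comment on the nil check in `New` saying the no-op is deliberate would also help. Both `Options` and `New` continue outside these hunks, and the caller of the hook is not shown here.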

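--- a/coderd/database/databasefake/databasefake.go
+++ b/coderd/database/databasefake/databasefake.go
@@ -3528,6 +3528,50 @@ func (q *fakeQuerier) DeleteGroupMemberFromGroup(_ context.Context, arg database
 return nil
 }
 
+func (q *fakeQuerier) InsertUserGroupsByName(_ context.Context, arg database.InsertUserGroupsByNameParams) error {
+q.mutex.Lock()
+defer q.mutex.Unlock()
+
+var groupIDs []uuid.UUID
+for _, group := range q.groups {
+for _, groupName := range arg.GroupNames {
+if group.Name == groupName {
+groupIDs = append(groupIDs, group.ID)
+}
+}
+}
+
+for _, groupID := range groupIDs {
+q.groupMembers = append(q.groupMembers, database.GroupMember{
+UserID: arg.UserID,
+GroupID: groupID,
+})
+}
+
+return nil
+}
+
+func (q *fakeQuerier) DeleteGroupMembersByOrgAndUser(_ context.Context, arg database.DeleteGroupMembersByOrgAndUserParams) error {
+q.mutex.Lock()
+defer q.mutex.Unlock()
+
+newMembers := q.groupMembers[:0]
+for _, member := range q.groupMembers {
+if member.UserID == arg.UserID {
+for _, group := range q.groups {
+if group.ID == member.GroupID && group.OrganizationID == arg.OrganizationID {
+continue
+}
+
+newMembers = append(newMembers, member)
+}
+}
+}
+q.groupMembers = newMembers
+
+return nil
+}
+
 func (q *fakeQuerier) UpdateGroupByID(_ context.Context, arg database.UpdateGroupByIDParams) (database.Group, error) {
 if err := validateDatabaseType(arg); err != nil {
 return database.Group{}, err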
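Review bot: The filter loop in the fake `DeleteGroupMembersByOrgAndUser` does not remove the right rows. Memberships of every other user are never appended to `newMembers` and so are dropped. For the target user, `continue` only skips one iteration of the inner `q.groups` loop, so the member is re-appended once for each non-matching group, which means a membership in the target organization survives and is duplicated. Appending several times per element into `q.groupMembers[:0]` can also overwrite entries that have not been read yet. Tests that run against this fake can therefore pass or fail for reasons unrelated to how group removal really behaves; deciding removal per member and appending at most once fixes it. Separately, `InsertUserGroupsByName` matches on `group.Name` alone and adds a row even if the user is already a member; if the params carry an organization ID (not visible here), the fake should filter on it too.

```go
	newMembers := q.groupMembers[:0]
	for _, member := range q.groupMembers {
		// Drop the row only when it belongs to the target user AND its
		// group lives in the target organization; keep everything else.
		remove := false
		if member.UserID == arg.UserID {
			for _, group := range q.groups {
				if group.ID == member.GroupID && group.OrganizationID == arg.OrganizationID {
					remove = true
					break
				}
			}
		}
		if !remove {
			// At most one append per element keeps the in-place filter safe.
			newMembers = append(newMembers, member)
		}
	}
	// … unchanged: assign q.groupMembers and return nil …
```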

coderd/database/querier.go

Lines changed: 3 additions & 0 deletions

coderd/database/queries.sql.go

Lines changed: 133 additions & 79 deletions
