some cleanup

Emyrk · Emyrk · commit 97fd2a9c5f39 · 2024-08-28T11:29:19.000-05:00
diff --git a/cli/server.go b/cli/server.go
@@ -108,7 +108,7 @@ import (
 	"github.com/coder/coder/v2/tailnet"
 )
 
-func createOIDCConfig(ctx context.Context, logger slog.Logger, set *entitlements.Set, vals *codersdk.DeploymentValues) (*coderd.OIDCConfig, error) {
+func createOIDCConfig(ctx context.Context, logger slog.Logger, vals *codersdk.DeploymentValues) (*coderd.OIDCConfig, error) {
 	if vals.OIDC.ClientID == "" {
 		return nil, xerrors.Errorf("OIDC client ID must be set!")
 	}
@@ -669,7 +669,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 				// Missing:
 				//	- Userinfo
 				//	- Verify
-				oc, err := createOIDCConfig(ctx, options.Logger, options.Entitlements, vals)
+				oc, err := createOIDCConfig(ctx, options.Logger, vals)
 				if err != nil {
 					return xerrors.Errorf("create oidc config: %w", err)
 				}
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -275,6 +275,8 @@ func New(options *Options) *API {
 		options.Entitlements = entitlements.New()
 	}
 	if options.IDPSync == nil {
+		// If this is set in the options, it is probably the enterprise
+		// version of the code.
 		options.IDPSync = idpsync.NewAGPLSync(options.Logger, idpsync.SyncSettings{
 			OrganizationField:         options.DeploymentValues.OIDC.OrganizationField.Value(),
 			OrganizationMapping:       options.DeploymentValues.OIDC.OrganizationMapping.Value,
diff --git a/coderd/idpsync/idpsync.go b/coderd/idpsync/idpsync.go
@@ -16,6 +16,11 @@ import (
 	"github.com/coder/coder/v2/site"
 )
 
+// IDPSync is an interface, so we can implement this as AGPL and as enterprise,
+// and just swap the underlying implementation.
+// IDPSync exists to contain all the logic for mapping a user's external IDP
+// claims to the internal representation of a user in Coder.
+// TODO: Move group + role sync into this interface.
 type IDPSync interface {
 	// ParseOrganizationClaims takes claims from an OIDC provider, and returns the
 	// organization sync params for assigning users into organizations.
diff --git a/coderd/idpsync/organizations_test.go b/coderd/idpsync/organizations_test.go
@@ -8,7 +8,6 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"cdr.dev/slog/sloggers/slogtest"
-	"github.com/coder/coder/v2/coderd/entitlements"
 	"github.com/coder/coder/v2/coderd/idpsync"
 	"github.com/coder/coder/v2/testutil"
 )
@@ -19,7 +18,7 @@ func TestParseOrganizationClaims(t *testing.T) {
 	t.Run("SingleOrgDeployment", func(t *testing.T) {
 		t.Parallel()
 
-		s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), entitlements.New(), idpsync.SyncSettings{
+		s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), idpsync.SyncSettings{
 			OrganizationField:         "",
 			OrganizationMapping:       nil,
 			OrganizationAssignDefault: true,
@@ -39,7 +38,7 @@ func TestParseOrganizationClaims(t *testing.T) {
 		t.Parallel()
 
 		// AGPL has limited behavior
-		s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), entitlements.New(), idpsync.SyncSettings{
+		s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), idpsync.SyncSettings{
 			OrganizationField: "orgs",
 			OrganizationMapping: map[string][]uuid.UUID{
 				"random": {uuid.New()},
diff --git a/codersdk/deployment.go b/codersdk/deployment.go
@@ -1570,6 +1570,17 @@ when required by your organization's security policy.`,
 			Group:   &deploymentGroupOIDC,
 			YAML:    "organizationAssignDefault",
 		},
+		{
+			Name: "OIDC Organization Sync Mapping",
+			Description: "A map of OIDC claims and the organizations in Coder it should map to. " +
+				"This is required because organization IDs must be used within Coder.",
+			Flag:    "oidc-organization-mapping",
+			Env:     "CODER_OIDC_ORGANIZATION_MAPPING",
+			Default: "{}",
+			Value:   &c.OIDC.OrganizationMapping,
+			Group:   &deploymentGroupOIDC,
+			YAML:    "organizationMapping",
+		},
 		{
 			Name:        "OIDC Group Field",
 			Description: "This field must be set if using the group sync feature and the scope name is not 'groups'. Set to the claim to be used for groups.",

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ import (`
`108`	`108`	`"github.com/coder/coder/v2/tailnet"`
`109`	`109`	`)`
`110`	`110`
`111`		`-func createOIDCConfig(ctx context.Context, logger slog.Logger, set entitlements.Set, vals codersdk.DeploymentValues) (*coderd.OIDCConfig, error) {`
	`111`	`+func createOIDCConfig(ctx context.Context, logger slog.Logger, vals codersdk.DeploymentValues) (coderd.OIDCConfig, error) {`
`112`	`112`	`if vals.OIDC.ClientID == "" {`
`113`	`113`	`return nil, xerrors.Errorf("OIDC client ID must be set!")`
`114`	`114`	`}`
`@@ -669,7 +669,7 @@ func (r RootCmd) Server(newAPI func(context.Context, coderd.Options) (*coderd.`
`669`	`669`	`// Missing:`
`670`	`670`	`// - Userinfo`
`671`	`671`	`// - Verify`
`672`		`- oc, err := createOIDCConfig(ctx, options.Logger, options.Entitlements, vals)`
	`672`	`+ oc, err := createOIDCConfig(ctx, options.Logger, vals)`
`673`	`673`	`if err != nil {`
`674`	`674`	`return xerrors.Errorf("create oidc config: %w", err)`
`675`	`675`	`}`
Original file line number	Diff line number	Diff line change
`@@ -275,6 +275,8 @@ func New(options Options) API {`
`275`	`275`	`options.Entitlements = entitlements.New()`
`276`	`276`	`}`
`277`	`277`	`if options.IDPSync == nil {`
	`278`	`+ // If this is set in the options, it is probably the enterprise`
	`279`	`+ // version of the code.`
`278`	`280`	`options.IDPSync = idpsync.NewAGPLSync(options.Logger, idpsync.SyncSettings{`
`279`	`281`	`OrganizationField: options.DeploymentValues.OIDC.OrganizationField.Value(),`
`280`	`282`	`OrganizationMapping: options.DeploymentValues.OIDC.OrganizationMapping.Value,`