fixup! sync missing groups

Emyrk · Emyrk · commit ec6ac573735a · 2023-08-03T11:21:52.000-05:00
diff --git a/coderd/database/dbfake/dbfake.go b/coderd/database/dbfake/dbfake.go
@@ -3526,6 +3526,7 @@ func (q *FakeQuerier) InsertGroup(_ context.Context, arg database.InsertGroupPar
 		OrganizationID: arg.OrganizationID,
 		AvatarURL:      arg.AvatarURL,
 		QuotaAllowance: arg.QuotaAllowance,
+		Source:         database.GroupSourceUser,
 	}
 
 	q.groups = append(q.groups, group)
@@ -3608,6 +3609,7 @@ func (q *FakeQuerier) InsertMissingGroups(ctx context.Context, arg database.Inse
 			AvatarURL:      "",
 			QuotaAllowance: 0,
 			DisplayName:    "",
+			Source:         arg.Source,
 		}
 		q.groups = append(q.groups, g)
 		newGroups = append(newGroups, g)
diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql
diff --git a/coderd/database/migrations/000148_group_source.down.sql b/coderd/database/migrations/000148_group_source.down.sql
@@ -0,0 +1,8 @@
+BEGIN;
+
+ALTER TABLE groups
+	DROP COLUMN source;
+
+DROP TYPE group_source;
+
+COMMIT;
diff --git a/coderd/database/migrations/000148_group_source.up.sql b/coderd/database/migrations/000148_group_source.up.sql
@@ -0,0 +1,15 @@
+BEGIN;
+
+CREATE TYPE group_source AS ENUM (
+    -- User created groups
+	'user',
+    -- Groups created by the system through oidc sync
+	'oidc'
+);
+
+ALTER TABLE groups
+	ADD COLUMN source group_source NOT NULL DEFAULT 'user';
+
+COMMENT ON COLUMN groups.source IS 'Source indicates how the group was created. It can be created by a user manually, or through some system process like and OIDC group sync.';
+
+COMMIT;
diff --git a/coderd/database/models.go b/coderd/database/models.go
diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go
diff --git a/coderd/database/queries/groups.sql b/coderd/database/queries/groups.sql
@@ -46,12 +46,14 @@ VALUES
 INSERT INTO groups (
 	id,
 	name,
-	organization_id
+	organization_id,
+    source
 )
 SELECT
     gen_random_uuid(),
     group_name,
-    @organization_id
+    @organization_id,
+    @source
 FROM
     UNNEST(@group_names :: text[]) AS group_name
 -- If the name conflicts, do nothing.
diff --git a/codersdk/deployment.go b/codersdk/deployment.go
@@ -1079,7 +1079,7 @@ when required by your organization's security policy.`,
 		},
 		{
 			Name:        "OIDC Regex Group Filter",
-			Description: "If provided any group name not matching the regex is ignored. This allows for filtering out groups that are not needed.",
+			Description: "If provided any group name not matching the regex is ignored. This allows for filtering out groups that are not needed. This filter is applied after the group mapping.",
 			Flag:        "oidc-group-regex-filter",
 			Env:         "CODER_OIDC_GROUP_REGEX_FILTER",
 			Default:     "",
diff --git a/codersdk/groups.go b/codersdk/groups.go
@@ -10,6 +10,13 @@ import (
 	"golang.org/x/xerrors"
 )
 
+type GroupSource string
+
+const (
+	GroupSourceUser GroupSource = "user"
+	GroupSourceOIDC GroupSource = "oidc"
+)
+
 type CreateGroupRequest struct {
 	Name           string `json:"name"`
 	DisplayName    string `json:"display_name"`
@@ -18,13 +25,14 @@ type CreateGroupRequest struct {
 }
 
 type Group struct {
-	ID             uuid.UUID `json:"id" format:"uuid"`
-	Name           string    `json:"name"`
-	DisplayName    string    `json:"display_name"`
-	OrganizationID uuid.UUID `json:"organization_id" format:"uuid"`
-	Members        []User    `json:"members"`
-	AvatarURL      string    `json:"avatar_url"`
-	QuotaAllowance int       `json:"quota_allowance"`
+	ID             uuid.UUID   `json:"id" format:"uuid"`
+	Name           string      `json:"name"`
+	DisplayName    string      `json:"display_name"`
+	OrganizationID uuid.UUID   `json:"organization_id" format:"uuid"`
+	Members        []User      `json:"members"`
+	AvatarURL      string      `json:"avatar_url"`
+	QuotaAllowance int         `json:"quota_allowance"`
+	Source         GroupSource `json:"source"`
 }
 
 func (c *Client) CreateGroup(ctx context.Context, orgID uuid.UUID, req CreateGroupRequest) (Group, error) {
diff --git a/enterprise/audit/table.go b/enterprise/audit/table.go
@@ -156,6 +156,7 @@ var auditableResourcesTypes = map[any]map[string]Action{
 		"avatar_url":      ActionTrack,
 		"quota_allowance": ActionTrack,
 		"members":         ActionTrack,
+		"source":          ActionIgnore,
 	},
 	&database.APIKey{}: {
 		"id":               ActionIgnore,
diff --git a/enterprise/coderd/groups.go b/enterprise/coderd/groups.go
@@ -409,6 +409,7 @@ func convertGroup(g database.Group, users []database.User) codersdk.Group {
 		AvatarURL:      g.AvatarURL,
 		QuotaAllowance: int(g.QuotaAllowance),
 		Members:        convertUsers(users, orgs),
+		Source:         codersdk.GroupSource(g.Source),
 	}
 }
 
diff --git a/enterprise/coderd/userauth.go b/enterprise/coderd/userauth.go
@@ -46,6 +46,7 @@ func (api *API) setUserGroups(ctx context.Context, logger slog.Logger, db databa
 			created, err := tx.InsertMissingGroups(dbauthz.AsSystemRestricted(ctx), database.InsertMissingGroupsParams{
 				OrganizationID: orgs[0].ID,
 				GroupNames:     groupNames,
+				Source:         database.GroupSourceOidc,
 			})
 			if err != nil {
 				return xerrors.Errorf("insert missing groups: %w", err)
diff --git a/enterprise/coderd/userauth_test.go b/enterprise/coderd/userauth_test.go

Original file line number	Diff line number	Diff line change
`@@ -3526,6 +3526,7 @@ func (q *FakeQuerier) InsertGroup(_ context.Context, arg database.InsertGroupPar`
`3526`	`3526`	`OrganizationID: arg.OrganizationID,`
`3527`	`3527`	`AvatarURL: arg.AvatarURL,`
`3528`	`3528`	`QuotaAllowance: arg.QuotaAllowance,`
	`3529`	`+ Source: database.GroupSourceUser,`
`3529`	`3530`	`}`
`3530`	`3531`
`3531`	`3532`	`q.groups = append(q.groups, group)`
`@@ -3608,6 +3609,7 @@ func (q *FakeQuerier) InsertMissingGroups(ctx context.Context, arg database.Inse`
`3608`	`3609`	`AvatarURL: "",`
`3609`	`3610`	`QuotaAllowance: 0,`
`3610`	`3611`	`DisplayName: "",`
	`3612`	`+ Source: arg.Source,`
`3611`	`3613`	`}`
`3612`	`3614`	`q.groups = append(q.groups, g)`
`3613`	`3615`	`newGroups = append(newGroups, g)`
Original file line number	Diff line number	Diff line change
@@ -1079,7 +1079,7 @@ when required by your organization's security policy.`,
`1079`	`1079`	`},`
`1080`	`1080`	`{`
`1081`	`1081`	`Name: "OIDC Regex Group Filter",`
`1082`		`- Description: "If provided any group name not matching the regex is ignored. This allows for filtering out groups that are not needed.",`
	`1082`	`+ Description: "If provided any group name not matching the regex is ignored. This allows for filtering out groups that are not needed. This filter is applied after the group mapping.",`
`1083`	`1083`	`Flag: "oidc-group-regex-filter",`
`1084`	`1084`	`Env: "CODER_OIDC_GROUP_REGEX_FILTER",`
`1085`	`1085`	`Default: "",`
Original file line number	Diff line number	Diff line change
`@@ -409,6 +409,7 @@ func convertGroup(g database.Group, users []database.User) codersdk.Group {`
`409`	`409`	`AvatarURL: g.AvatarURL,`
`410`	`410`	`QuotaAllowance: int(g.QuotaAllowance),`
`411`	`411`	`Members: convertUsers(users, orgs),`
	`412`	`+ Source: codersdk.GroupSource(g.Source),`
`412`	`413`	`}`
`413`	`414`	`}`
`414`	`415`