
Commit f2857c6

committed
initial implementation of group sync
1 parent bfddeb6 commit f2857c6


10 files changed

+114
-23
lines changed


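--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -3108,6 +3108,10 @@ func (q *querier) RemoveUserFromAllGroups(ctx context.Context, userID uuid.UUID)
 return q.db.RemoveUserFromAllGroups(ctx, userID)
 }
 
+func (q *querier) RemoveUserFromGroups(ctx context.Context, arg database.RemoveUserFromGroupsParams) ([]uuid.UUID, error) {
+panic("not implemented")
+}
+
 func (q *querier) RevokeDBCryptKey(ctx context.Context, activeKeyDigest string) error {
 if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil {
 return err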
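Review bot: The new dbauthz `RemoveUserFromGroups` panics instead of authorizing and delegating, and the dbmem `FakeQuerier.RemoveUserFromGroups` stub does the same after `validateDatabaseType`. `SyncGroups` in coderd/idpsync/group.go now calls this method inside its transaction, so a store wrapped by either type would panic during group sync rather than return an error. The wrapper should follow its neighbours: `if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil { return nil, err }` followed by `return q.db.RemoveUserFromGroups(ctx, arg)`. That resource and action mirror what the dbauthz test asserts for `InsertUserGroupsByID`, so confirm they are the intended policy for removals. No subtest for the new method is visible in the dbauthz_test.go section.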

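--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -397,7 +397,7 @@ func (s *MethodTestSuite) TestGroup() {
 check.Args(database.InsertUserGroupsByIDParams{
 UserID:  u1.ID,
 GroupIds: slice.New(g1.ID, g2.ID),
-}).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns(slice.New(g1, g2))
+}).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns(slice.New(g1.ID, g2.ID))
 }))
 s.Run("RemoveUserFromAllGroups", s.Subtest(func(db database.Store, check *expects) {
 o := dbgen.Organization(s.T(), db, database.Organization{})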

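--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -7637,6 +7637,15 @@ func (q *FakeQuerier) RemoveUserFromAllGroups(_ context.Context, userID uuid.UUI
 return nil
 }
 
+func (q *FakeQuerier) RemoveUserFromGroups(ctx context.Context, arg database.RemoveUserFromGroupsParams) ([]uuid.UUID, error) {
+err := validateDatabaseType(arg)
+if err != nil {
+return nil, err
+}
+
+panic("not implemented")
+}
+
 func (q *FakeQuerier) RevokeDBCryptKey(_ context.Context, activeKeyDigest string) error {
 q.mutex.Lock()
 defer q.mutex.Unlock()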

coderd/database/dbmetrics/dbmetrics.go

Lines changed: 9 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbmock/dbmock.go

Lines changed: 15 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/querier.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

Lines changed: 37 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

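--- a/coderd/database/queries/groupmembers.sql
+++ b/coderd/database/queries/groupmembers.sql
@@ -54,6 +54,14 @@ DELETE FROM
 WHERE
 user_id = @user_id;
 
+-- name: RemoveUserFromGroups :many
+DELETE FROM
+group_members
+WHERE
+user_id = @user_id AND
+group_id = ANY(@group_ids :: uuid [])
+RETURNING group_id;
+
 -- name: InsertGroupMember :exec
 INSERT INTO
 group_members (user_id, group_id)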

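--- a/coderd/idpsync/group.go
+++ b/coderd/idpsync/group.go
@@ -135,29 +135,39 @@ func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user dat
 groupsToAdd = append(groupsToAdd, assignGroups...)
 }
 
-tx.InsertUserGroupsByID(ctx, database.InsertUserGroupsByIDParams{
-UserID:  user.ID,
-GroupIds: groupsToAdd,
+assignedGroupIDs, err := tx.InsertUserGroupsByID(ctx, database.InsertUserGroupsByIDParams{
+UserID:  user.ID,
+GroupIds: groupsToAdd,
 })
+if err != nil {
+return xerrors.Errorf("insert user into %d groups: %w", len(groupsToAdd), err)
+}
+if len(assignedGroupIDs) != len(groupsToAdd) {
+s.Logger.Debug(ctx, "failed to assign all groups to user",
+slog.F("user_id", user.ID),
+slog.F("groups_assigned_count", len(assignedGroupIDs)),
+slog.F("expected_count", len(groupsToAdd)),
+)
+}
+
+removedGroupIDs, err := tx.RemoveUserFromGroups(ctx, database.RemoveUserFromGroupsParams{
+UserID:  user.ID,
+GroupIds: groupsToRemove,
+})
+if err != nil {
+return xerrors.Errorf("remove user from %d groups: %w", len(groupsToRemove), err)
+}
+if len(removedGroupIDs) != len(groupsToRemove) {
+s.Logger.Debug(ctx, "failed to remove user from all groups",
+slog.F("user_id", user.ID),
+slog.F("groups_removed_count", len(removedGroupIDs)),
+slog.F("expected_count", len(groupsToRemove)),
+)
+}
+
 return nil
 }, nil)
 
-//
-//tx.InTx(func(tx database.Store) error {
-// // When setting the user's groups, it's easier to just clear their groups and re-add them.
-// // This ensures that the user's groups are always in sync with the auth provider.
-// err := tx.RemoveUserFromAllGroups(ctx, user.ID)
-// if err != nil {
-// return err
-// }
-//
-// for _, org := range userOrgs {
-//
-// }
-//
-// return nil
-//}, nil)
-
 return nil
 }
 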
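Review bot: The errors now returned from the transaction closure look like they are dropped, because after `}, nil)` the function goes straight to `return nil` and no check of the `InTx` result is visible. The call opens above the hunk, so confirm whether its result is captured. If it is not, a failed insert or removal is never reported and the caller proceeds as if the user's groups matched the identity provider, which fails open for stale memberships; capture the result and add `if err != nil { return xerrors.Errorf("sync groups: %w", err) }` before the final return. Separately, a short count from `RemoveUserFromGroups` means the user may still hold a group the provider no longer grants, yet it is only logged through `s.Logger.Debug`. Using `s.Logger.Warn` there, or returning an error, would make a missed revocation visible in normal operation.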

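--- a/enterprise/coderd/enidpsync/enidpsync.go
+++ b/enterprise/coderd/enidpsync/enidpsync.go
@@ -16,7 +16,7 @@ type EnterpriseIDPSync struct {
 *idpsync.AGPLIDPSync
 }
 
-func NewSync(logger slog.Logger, set *entitlements.Set, settings idpsync.SyncSettings) *EnterpriseIDPSync {
+func NewSync(logger slog.Logger, set *entitlements.Set, settings idpsync.DeploymentSyncSettings) *EnterpriseIDPSync {
 return &EnterpriseIDPSync{
 entitlements: set,
 AGPLIDPSync: idpsync.NewAGPLSync(logger.With(slog.F("enterprise_capable", "true")), settings),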
