
chore: implement organization sync and create idpsync package #14432


Merged
merged 23 commits into from
Aug 30, 2024
Merged
Actually enable org sync in the oidc flow
Emyrk committed Aug 29, 2024
commit eb7e2c5bfc6e4069e28d2510324f13c2fc51600d
4 changes: 3 additions & 1 deletion coderd/idpsync/organization.go
Expand Up @@ -29,7 +29,9 @@ func (s AGPLIDPSync) ParseOrganizationClaims(ctx context.Context, _ map[string]i

type OrganizationParams struct {
// SyncEnabled if false will skip syncing the user's organizations.
SyncEnabled bool
SyncEnabled bool
// IncludeDefault is primarily for single org deployments. It will ensure
// a user is always inserted into the default org.
IncludeDefault bool
// Organizations is the list of organizations the user should be a member of
// assuming syncing is turned on.
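Review bot: The doc comment on IncludeDefault does not say how it interacts with SyncEnabled, which is the question a caller filling in this struct will have. The userauth.go section on this page appears to honour IncludeDefault at user-creation time whether or not SyncEnabled is set, so I would make that explicit, e.g. `// IncludeDefault is honoured even when SyncEnabled is false.` as an additional line of the field comment. The struct definition continues past the end of this hunk.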
27 changes: 22 additions & 5 deletions coderd/userauth.go
Expand Up @@ -659,6 +659,11 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
AvatarURL: ghUser.GetAvatarURL(),
Name: normName,
DebugContext: OauthDebugContext{},
OrganizationSync: idpsync.OrganizationParams{
SyncEnabled: false,
IncludeDefault: true,
Organizations: []uuid.UUID{},
},
}).SetInitAuditRequest(func(params *audit.RequestParams) (*audit.Request[database.User], func()) {
return audit.InitRequest[database.User](rw, params)
})
Expand Down Expand Up @@ -1411,14 +1416,19 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
}
}

// Even if org sync is disabled, single org deployments will always
// have this set to true.
orgIDs := []uuid.UUID{}
if params.OrganizationSync.IncludeDefault {
orgIDs = append(orgIDs, defaultOrganization.ID)
}

//nolint:gocritic
user, err = api.CreateUser(dbauthz.AsSystemRestricted(ctx), tx, CreateUserRequest{
CreateUserRequestWithOrgs: codersdk.CreateUserRequestWithOrgs{
Email: params.Email,
Username: params.Username,
// TODO: Remove this, and only use organization sync from
// params
OrganizationIDs: []uuid.UUID{defaultOrganization.ID},
Email: params.Email,
Username: params.Username,
OrganizationIDs: orgIDs,
},
LoginType: params.LoginType,
})
Expand Down Expand Up @@ -1481,6 +1491,13 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
}
}

// Only OIDC really supports syncing like this. At some point, we might
// want to move this configuration and allow github to allow do org syncing.
err = api.OIDCConfig.IDPSync.SyncOrganizations(ctx, tx, user, params.OrganizationSync)
if err != nil {
return xerrors.Errorf("sync organizations: %w", err)
}

// Ensure groups are correct.
// This places all groups into the default organization.
// To go multi-org, we need to add a mapping feature here to know which
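Review bot: The new SyncOrganizations call in the last hunk dereferences api.OIDCConfig on every oauthLogin path, including the GitHub flow that the first hunk wires up with SyncEnabled set to false; if OIDCConfig is nil on a deployment that configures only GitHub login (it looks like a pointer, please confirm), this is a nil-pointer panic inside the transaction. The comment above the call already says only OIDC supports this, so the code should match it: wrap the call and its error check in `if api.OIDCConfig != nil { ... }`, or resolve the syncer from the provider that actually authenticated the user. It is also worth confirming that SyncOrganizations treats SyncEnabled=false as a no-op rather than reconciling against the empty Organizations slice the GitHub path passes, since the latter would strip existing memberships on every GitHub login. The oauthLogin function starts and ends outside these hunks.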