Skip to content

chore: implement OIDCClaimFieldValues for idp sync mappings auto complete #15576

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Nov 21, 2024
Merged

chore: implement OIDCClaimFieldValues for idp sync mappings auto complete #15576

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
0b20020
chore: implement OIDCClaimFieldValues for idp sync mappings help
Emyrk Nov 18, 2024
917ce36
remove text cast
Emyrk Nov 18, 2024
1a5dc30
make gen
Emyrk Nov 18, 2024
2ee347f
chore: unit tests for OIDCClaimFieldValues and fixup sql arg types
Emyrk Nov 18, 2024
0ef9f10
fix mock
Emyrk Nov 18, 2024
614acc7
linting
Emyrk Nov 18, 2024
e04102f
fmt
Emyrk Nov 18, 2024
dae9216
dbauthz tests
Emyrk Nov 18, 2024
7852434
linting
Emyrk Nov 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
chore: implement OIDCClaimFieldValues for idp sync mappings help
  • Loading branch information
@Emyrk
Emyrk committed Nov 18, 2024
commit 0b20020a6373aeb237de28a74a270c46d5758453
33 changes: 32 additions & 1 deletion coderd/database/queries/user_links.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ SET
WHERE
user_id = $7 AND login_type = $8 RETURNING *;


-- name: OIDCClaimFields :many
-- OIDCClaimFields returns a list of distinct keys in the the merged_claims fields.
-- This query is used to generate the list of available sync fields for idp sync settings.
Expand All @@ -78,3 +77,35 @@ WHERE
ELSE true
END
;

-- name: OIDCClaimFieldValues :many
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is this being / going to be called?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the Mappings section, this generates the left hand side options.

So if doing Group sync, this shows the user which IDP groups exist.

SELECT
-- DISTINCT to remove duplicates
DISTINCT jsonb_array_elements_text(CASE
-- When the type is an array, filter out any non-string elements.
-- This is to keep the return type consistent.
WHEN jsonb_typeof(claims->'merged_claims'->'groups') = 'array' THEN
(
SELECT
jsonb_agg(element)
FROM
jsonb_array_elements(claims->'merged_claims'->@claim_field) AS element
WHERE
-- Filtering out non-string elements
jsonb_typeof(element) = 'string'
)
-- Some IDPs return a single string instead of an array of strings.
WHEN jsonb_typeof(claims->'merged_claims'->'groups') = 'string' THEN
jsonb_build_array(claims->'merged_claims'->@claim_field)
END)::text
FROM
user_links
WHERE
-- IDP sync only supports string and array (of string) types
jsonb_typeof(claims->'merged_claims'->@claim_field) = ANY(ARRAY['string', 'array'])
AND login_type = 'oidc'
AND CASE WHEN @organization_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
user_links.user_id = ANY(SELECT organization_members.user_id FROM organization_members WHERE organization_id = @organization_id)
ELSE true
END
;