feat: add additional patch routes for group and role idp sync (#16351)

ケイラ
2025-01-31 12:14:24 -07:00
committed by GitHub
parent e37b7fc481
commit 0e2ae10b47
13 changed files with 1749 additions and 75 deletions

284
coderd/apidoc/docs.go generated

@ -3438,6 +3438,100 @@ const docTemplate = `{
}
}
},
"/organizations/{organization}/settings/idpsync/groups/config": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Enterprise"
],
"summary": "Update group IdP Sync config",
"operationId": "update-group-idp-sync-config",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "New config values",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchGroupIDPSyncConfigRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.GroupSyncSettings"
}
}
}
}
},
"/organizations/{organization}/settings/idpsync/groups/mapping": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Enterprise"
],
"summary": "Update group IdP Sync mapping",
"operationId": "update-group-idp-sync-mapping",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "Description of the mappings to add and remove",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchGroupIDPSyncMappingRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.GroupSyncSettings"
}
}
}
}
},
"/organizations/{organization}/settings/idpsync/roles": {
"get": {
"security": [
@ -3518,6 +3612,100 @@ const docTemplate = `{
}
}
},
"/organizations/{organization}/settings/idpsync/roles/config": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Enterprise"
],
"summary": "Update role IdP Sync config",
"operationId": "update-role-idp-sync-config",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "New config values",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchRoleIDPSyncConfigRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.RoleSyncSettings"
}
}
}
}
},
"/organizations/{organization}/settings/idpsync/roles/mapping": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Enterprise"
],
"summary": "Update role IdP Sync mapping",
"operationId": "update-role-idp-sync-mapping",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "Description of the mappings to add and remove",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchRoleIDPSyncMappingRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.RoleSyncSettings"
}
}
}
}
},
"/organizations/{organization}/templates": {
"get": {
"security": [
@ -12469,6 +12657,57 @@ const docTemplate = `{
}
}
},
"codersdk.PatchGroupIDPSyncConfigRequest": {
"type": "object",
"properties": {
"auto_create_missing_groups": {
"type": "boolean"
},
"field": {
"type": "string"
},
"regex_filter": {
"$ref": "#/definitions/regexp.Regexp"
}
}
},
"codersdk.PatchGroupIDPSyncMappingRequest": {
"type": "object",
"properties": {
"add": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
},
"remove": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
}
}
},
"codersdk.PatchGroupRequest": {
"type": "object",
"properties": {
@ -12546,6 +12785,51 @@ const docTemplate = `{
}
}
},
"codersdk.PatchRoleIDPSyncConfigRequest": {
"type": "object",
"properties": {
"field": {
"type": "string"
}
}
},
"codersdk.PatchRoleIDPSyncMappingRequest": {
"type": "object",
"properties": {
"add": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
},
"remove": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
}
}
},
"codersdk.PatchTemplateVersionRequest": {
"type": "object",
"properties": {


@ -3030,6 +3030,88 @@
}
}
},
"/organizations/{organization}/settings/idpsync/groups/config": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": ["application/json"],
"produces": ["application/json"],
"tags": ["Enterprise"],
"summary": "Update group IdP Sync config",
"operationId": "update-group-idp-sync-config",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "New config values",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchGroupIDPSyncConfigRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.GroupSyncSettings"
}
}
}
}
},
"/organizations/{organization}/settings/idpsync/groups/mapping": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": ["application/json"],
"produces": ["application/json"],
"tags": ["Enterprise"],
"summary": "Update group IdP Sync mapping",
"operationId": "update-group-idp-sync-mapping",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "Description of the mappings to add and remove",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchGroupIDPSyncMappingRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.GroupSyncSettings"
}
}
}
}
},
"/organizations/{organization}/settings/idpsync/roles": {
"get": {
"security": [
@ -3100,6 +3182,88 @@
}
}
},
"/organizations/{organization}/settings/idpsync/roles/config": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": ["application/json"],
"produces": ["application/json"],
"tags": ["Enterprise"],
"summary": "Update role IdP Sync config",
"operationId": "update-role-idp-sync-config",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "New config values",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchRoleIDPSyncConfigRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.RoleSyncSettings"
}
}
}
}
},
"/organizations/{organization}/settings/idpsync/roles/mapping": {
"patch": {
"security": [
{
"CoderSessionToken": []
}
],
"consumes": ["application/json"],
"produces": ["application/json"],
"tags": ["Enterprise"],
"summary": "Update role IdP Sync mapping",
"operationId": "update-role-idp-sync-mapping",
"parameters": [
{
"type": "string",
"format": "uuid",
"description": "Organization ID or name",
"name": "organization",
"in": "path",
"required": true
},
{
"description": "Description of the mappings to add and remove",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/codersdk.PatchRoleIDPSyncMappingRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/codersdk.RoleSyncSettings"
}
}
}
}
},
"/organizations/{organization}/templates": {
"get": {
"security": [
@ -11238,6 +11402,57 @@
}
}
},
"codersdk.PatchGroupIDPSyncConfigRequest": {
"type": "object",
"properties": {
"auto_create_missing_groups": {
"type": "boolean"
},
"field": {
"type": "string"
},
"regex_filter": {
"$ref": "#/definitions/regexp.Regexp"
}
}
},
"codersdk.PatchGroupIDPSyncMappingRequest": {
"type": "object",
"properties": {
"add": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
},
"remove": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
}
}
},
"codersdk.PatchGroupRequest": {
"type": "object",
"properties": {
@ -11315,6 +11530,51 @@
}
}
},
"codersdk.PatchRoleIDPSyncConfigRequest": {
"type": "object",
"properties": {
"field": {
"type": "string"
}
}
},
"codersdk.PatchRoleIDPSyncMappingRequest": {
"type": "object",
"properties": {
"add": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
},
"remove": {
"type": "array",
"items": {
"type": "object",
"properties": {
"gets": {
"description": "The ID of the Coder resource the user should be added to",
"type": "string"
},
"given": {
"description": "The IdP claim the user has",
"type": "string"
}
}
}
}
}
},
"codersdk.PatchTemplateVersionRequest": {
"type": "object",
"properties": {


@ -30,7 +30,7 @@ func (AGPLIDPSync) GroupSyncEntitled() bool {
return false
}
func (s AGPLIDPSync) UpdateGroupSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings GroupSyncSettings) error {
func (s AGPLIDPSync) UpdateGroupSyncSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings GroupSyncSettings) error {
orgResolver := s.Manager.OrganizationResolver(db, orgID)
err := s.SyncSettings.Group.SetRuntimeValue(ctx, orgResolver, &settings)
if err != nil {


@ -48,7 +48,7 @@ type IDPSync interface {
// on the settings used by IDPSync. This entry is thread safe and can be
// accessed concurrently. The settings are stored in the database.
GroupSyncSettings(ctx context.Context, orgID uuid.UUID, db database.Store) (*GroupSyncSettings, error)
UpdateGroupSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings GroupSyncSettings) error
UpdateGroupSyncSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings GroupSyncSettings) error
// RoleSyncEntitled returns true if the deployment is entitled to role syncing.
RoleSyncEntitled() bool
@ -61,7 +61,7 @@ type IDPSync interface {
// RoleSyncSettings is similar to GroupSyncSettings. See GroupSyncSettings for
// rational.
RoleSyncSettings(ctx context.Context, orgID uuid.UUID, db database.Store) (*RoleSyncSettings, error)
UpdateRoleSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings RoleSyncSettings) error
UpdateRoleSyncSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings RoleSyncSettings) error
// ParseRoleClaims takes claims from an OIDC provider, and returns the params
// for role syncing. Most of the logic happens in SyncRoles.
ParseRoleClaims(ctx context.Context, mergedClaims jwt.MapClaims) (RoleParams, *HTTPError)


@ -42,7 +42,7 @@ func (AGPLIDPSync) SiteRoleSyncEnabled() bool {
return false
}
func (s AGPLIDPSync) UpdateRoleSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings RoleSyncSettings) error {
func (s AGPLIDPSync) UpdateRoleSyncSettings(ctx context.Context, orgID uuid.UUID, db database.Store, settings RoleSyncSettings) error {
orgResolver := s.Manager.OrganizationResolver(db, orgID)
err := s.SyncSettings.Role.SetRuntimeValue(ctx, orgResolver, &settings)
if err != nil {