chore: move organization sync to runtime configuration (#15431)

Moves the configuration from environment to database backed, to allow
configuring organization sync at runtime.
This commit is contained in:
Steven Masley
2024-11-08 08:44:14 -06:00
committed by GitHub
parent 7b33ab0dcf
commit 782214bcd8
28 changed files with 883 additions and 280 deletions

View File

@ -1831,17 +1831,37 @@ To perform this operation, you must be authenticated. [Learn more](authenticatio
```shell
# Example request using curl
curl -X PATCH http://coder-server:8080/api/v2/organizations/{organization}/settings/idpsync/groups \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
```
`PATCH /organizations/{organization}/settings/idpsync/groups`
> Body parameter
```json
{
"auto_create_missing_groups": true,
"field": "string",
"legacy_group_name_mapping": {
"property1": "string",
"property2": "string"
},
"mapping": {
"property1": ["string"],
"property2": ["string"]
},
"regex_filter": {}
}
```
### Parameters
| Name | In | Type | Required | Description |
| -------------- | ---- | ------------ | -------- | --------------- |
| `organization` | path | string(uuid) | true | Organization ID |
| Name | In | Type | Required | Description |
| -------------- | ---- | ------------------------------------------------------------------ | -------- | --------------- |
| `organization` | path | string(uuid) | true | Organization ID |
| `body` | body | [codersdk.GroupSyncSettings](schemas.md#codersdkgroupsyncsettings) | true | New settings |
### Example responses
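Review bot: the `body` row added to the parameters table describes the payload only as "New settings", which leaves the PATCH semantics undefined: a caller cannot tell whether fields omitted from the body (say `legacy_group_name_mapping` or `regex_filter`) are preserved or reset, and a partial update that silently clears a group mapping changes which users land in which groups at their next login. Suggest the description state whether the full `codersdk.GroupSyncSettings` object replaces the stored settings. Separately, the body example renders `"regex_filter": {}`, which hides that a regular expression is expected; an annotated example such as `"regex_filter": "string"` would make the expected value clear.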
@ -1919,17 +1939,31 @@ To perform this operation, you must be authenticated. [Learn more](authenticatio
```shell
# Example request using curl
curl -X PATCH http://coder-server:8080/api/v2/organizations/{organization}/settings/idpsync/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
```
`PATCH /organizations/{organization}/settings/idpsync/roles`
> Body parameter
```json
{
"field": "string",
"mapping": {
"property1": ["string"],
"property2": ["string"]
}
}
```
### Parameters
| Name | In | Type | Required | Description |
| -------------- | ---- | ------------ | -------- | --------------- |
| `organization` | path | string(uuid) | true | Organization ID |
| Name | In | Type | Required | Description |
| -------------- | ---- | ---------------------------------------------------------------- | -------- | --------------- |
| `organization` | path | string(uuid) | true | Organization ID |
| `body` | body | [codersdk.RoleSyncSettings](schemas.md#codersdkrolesyncsettings) | true | New settings |
### Example responses
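Review bot: the roles endpoint reuses the same "New settings" description, and the example body `"mapping": { "property1": ["string"] }` does not say that the mapped values are Coder role names or what happens when a claim maps to a role that does not exist. Since this mapping decides which roles an IdP claim grants, the description should state the expected values and whether unknown role names are rejected when the PATCH is applied or only ignored at login time.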
@ -2239,6 +2273,98 @@ curl -X PATCH http://coder-server:8080/api/v2/scim/v2/Users/{id} \
To perform this operation, you must be authenticated. [Learn more](authentication.md).
## Get organization IdP Sync settings
### Code samples
```shell
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/settings/idpsync/organization \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
```
`GET /settings/idpsync/organization`
### Example responses
> 200 Response
```json
{
"field": "string",
"mapping": {
"property1": ["string"],
"property2": ["string"]
},
"organization_assign_default": true
}
```
### Responses
| Status | Meaning | Description | Schema |
| ------ | ------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------- |
| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK | [codersdk.OrganizationSyncSettings](schemas.md#codersdkorganizationsyncsettings) |
To perform this operation, you must be authenticated. [Learn more](authentication.md).
## Update organization IdP Sync settings
### Code samples
```shell
# Example request using curl
curl -X PATCH http://coder-server:8080/api/v2/settings/idpsync/organization \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
```
`PATCH /settings/idpsync/organization`
> Body parameter
```json
{
"field": "string",
"mapping": {
"property1": ["string"],
"property2": ["string"]
},
"organization_assign_default": true
}
```
### Parameters
| Name | In | Type | Required | Description |
| ------ | ---- | -------------------------------------------------------------------------------- | -------- | ------------ |
| `body` | body | [codersdk.OrganizationSyncSettings](schemas.md#codersdkorganizationsyncsettings) | true | New settings |
### Example responses
> 200 Response
```json
{
"field": "string",
"mapping": {
"property1": ["string"],
"property2": ["string"]
},
"organization_assign_default": true
}
```
### Responses
| Status | Meaning | Description | Schema |
| ------ | ------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------- |
| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK | [codersdk.OrganizationSyncSettings](schemas.md#codersdkorganizationsyncsettings) |
To perform this operation, you must be authenticated. [Learn more](authentication.md).
## Get template ACLs
### Code samples
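Review bot: the new `GET /settings/idpsync/organization` and `PATCH /settings/idpsync/organization` endpoints are deployment-wide (unlike the organization-scoped `/organizations/{organization}/settings/idpsync/...` paths above) and control which organizations an IdP claim places a user into, yet the only access note is the generic "To perform this operation, you must be authenticated." line. The docs should state which role is required to read and to update these settings, since read access reveals the claim-to-organization mapping and write access lets a caller change organization membership for every future login. Also, the `mapping` values are rendered as `["string"]` although the schema describes them as organization UUIDs; an example with a UUID-shaped value would stop callers from sending organization names.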

View File

@ -3941,6 +3941,28 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
| `user_id` | string | false | | |
| `username` | string | false | | |
## codersdk.OrganizationSyncSettings
```json
{
"field": "string",
"mapping": {
"property1": ["string"],
"property2": ["string"]
},
"organization_assign_default": true
}
```
### Properties
| Name | Type | Required | Restrictions | Description |
| ----------------------------- | --------------- | -------- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `field` | string | false | | Field selects the claim field to be used as the created user's organizations. If the field is the empty string, then no organization updates will ever come from the OIDC provider. |
| `mapping` | object | false | | Mapping maps from an OIDC claim --> Coder organization uuid |
| » `[any property]` | array of string | false | | |
| `organization_assign_default` | boolean | false | | Organization assign default will ensure the default org is always included for every user, regardless of their claims. This preserves legacy behavior. |
## codersdk.PatchGroupRequest
```json
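Review bot: `organization_assign_default` is marked `false` under Required with no documented default, while its description says it "preserves legacy behavior"; the CLI flag it replaces (`--oidc-organization-assign-default`, removed later in this commit) defaulted to `true`. A caller that PATCHes `field` and `mapping` and omits this key cannot tell from the table whether default-organization membership is kept or dropped; please add the default to the Restrictions or Description column. The `mapping` row also says values are a "Coder organization uuid" while the nested `» [any property]` row types them only as `array of string`; noting the uuid format there keeps the two rows consistent.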

View File

@ -559,38 +559,6 @@ OIDC auth URL parameters to pass to the upstream provider.
Ignore the userinfo endpoint and only use the ID token for user information.
### --oidc-organization-field
| | |
| ----------- | ------------------------------------------- |
| Type | <code>string</code> |
| Environment | <code>$CODER_OIDC_ORGANIZATION_FIELD</code> |
| YAML | <code>oidc.organizationField</code> |
This field must be set if using the organization sync feature. Set to the claim to be used for organizations.
### --oidc-organization-assign-default
| | |
| ----------- | ---------------------------------------------------- |
| Type | <code>bool</code> |
| Environment | <code>$CODER_OIDC_ORGANIZATION_ASSIGN_DEFAULT</code> |
| YAML | <code>oidc.organizationAssignDefault</code> |
| Default | <code>true</code> |
If set to true, users will always be added to the default organization. If organization sync is enabled, then the default org is always added to the user's set of expectedorganizations.
### --oidc-organization-mapping
| | |
| ----------- | --------------------------------------------- |
| Type | <code>struct[map[string][]uuid.UUID]</code> |
| Environment | <code>$CODER_OIDC_ORGANIZATION_MAPPING</code> |
| YAML | <code>oidc.organizationMapping</code> |
| Default | <code>{}</code> |
A map of OIDC claims and the organizations in Coder it should map to. This is required because organization IDs must be used within Coder.
### --oidc-group-field
| | |
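Review bot: `--oidc-organization-field`, `--oidc-organization-assign-default` and `--oidc-organization-mapping` are deleted from the CLI reference with no pointer to where the settings now live. Operators who have `$CODER_OIDC_ORGANIZATION_FIELD`, `$CODER_OIDC_ORGANIZATION_ASSIGN_DEFAULT` or `$CODER_OIDC_ORGANIZATION_MAPPING` set need to know whether those values are migrated into the database-backed settings or ignored after upgrade, because an ignored mapping silently changes organization membership on the next login. Suggest replacing the removed sections with a short deprecation note that names the `/settings/idpsync/organization` API as the replacement and states the migration behaviour.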