forked from mystiq/dex
fix: Replace teams endpoint for bitbucket connector
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
parent
d4c3a3505d
commit
4b94469547
3 changed files with 15 additions and 11 deletions
|
@ -10,7 +10,7 @@ When a client redeems a refresh token through dex, dex will re-query Bitbucket t
|
|||
|
||||
Register a new OAuth consumer with [Bitbucket](https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html) ensuring the callback URL is `(dex issuer)/callback`. For example if dex is listening at the non-root path `https://auth.example.com/dex` the callback would be `https://auth.example.com/dex/callback`.
|
||||
|
||||
The application requires the user to grant the `Read Account` and `Read Team membership` permissions. The latter is required only if group membership is a desired claim.
|
||||
The application requires the user to grant only the `Read Account` permission.
|
||||
|
||||
The following is an example of a configuration for `examples/config-dev.yaml`:
|
||||
|
||||
|
|
|
@ -362,10 +362,14 @@ func (b *bitbucketConnector) getGroups(ctx context.Context, client *http.Client,
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
type team struct {
|
||||
type teamName struct {
|
||||
Name string `json:"username"` // The "username" from Bitbucket Cloud is actually the team name here
|
||||
}
|
||||
|
||||
type team struct {
|
||||
Team teamName `json:"team"`
|
||||
}
|
||||
|
||||
type userTeamsResponse struct {
|
||||
pagedResponse
|
||||
Values []team
|
||||
|
@ -373,18 +377,18 @@ type userTeamsResponse struct {
|
|||
|
||||
func (b *bitbucketConnector) userTeams(ctx context.Context, client *http.Client) ([]string, error) {
|
||||
var teams []string
|
||||
apiURL := b.apiURL + "/teams?role=member"
|
||||
apiURL := b.apiURL + "/user/permissions/teams"
|
||||
|
||||
for {
|
||||
// https://developer.atlassian.com/bitbucket/api/2/reference/resource/teams
|
||||
// https://developer.atlassian.com/bitbucket/api/2/reference/resource/user/permissions/teams
|
||||
var response userTeamsResponse
|
||||
|
||||
if err := get(ctx, client, apiURL, &response); err != nil {
|
||||
return nil, fmt.Errorf("bitbucket: get user teams: %v", err)
|
||||
}
|
||||
|
||||
for _, team := range response.Values {
|
||||
teams = append(teams, team.Name)
|
||||
for _, value := range response.Values {
|
||||
teams = append(teams, value.Team.Name)
|
||||
}
|
||||
|
||||
if response.Next == nil {
|
||||
|
|
|
@ -21,14 +21,14 @@ func TestUserGroups(t *testing.T) {
|
|||
PageLen: 10,
|
||||
},
|
||||
Values: []team{
|
||||
{Name: "team-1"},
|
||||
{Name: "team-2"},
|
||||
{Name: "team-3"},
|
||||
{Team: teamName{Name: "team-1"}},
|
||||
{Team: teamName{Name: "team-2"}},
|
||||
{Team: teamName{Name: "team-3"}},
|
||||
},
|
||||
}
|
||||
|
||||
s := newTestServer(map[string]interface{}{
|
||||
"/teams?role=member": teamsResponse,
|
||||
"/user/permissions/teams": teamsResponse,
|
||||
})
|
||||
|
||||
connector := bitbucketConnector{apiURL: s.URL}
|
||||
|
@ -46,7 +46,7 @@ func TestUserGroups(t *testing.T) {
|
|||
|
||||
func TestUserWithoutTeams(t *testing.T) {
|
||||
s := newTestServer(map[string]interface{}{
|
||||
"/teams?role=member": userTeamsResponse{},
|
||||
"/user/permissions/teams": userTeamsResponse{},
|
||||
})
|
||||
|
||||
connector := bitbucketConnector{apiURL: s.URL}
|
||||
|
|
Loading…
Reference in a new issue