github: add 'both' team name field option

this will result in both the team name *and* the team slug being
returned for each team, allowing a bit more flexibility in auth
validation.

Signed-off-by: Topher Bullock <tbullock@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
This commit is contained in:
Josh Winters 2018-10-04 17:22:45 -04:00 committed by Alex Suraci
parent b1fd2fa8b1
commit bb11a1ebee
3 changed files with 38 additions and 12 deletions

View file

@ -59,12 +59,13 @@ connectors:
# Flag which indicates that all user groups and teams should be loaded.
loadAllGroups: false
# Optional choice between 'name' (default) or 'slug'.
# Optional choice between 'name' (default), 'slug', or 'both'.
#
# As an example, group claims for member of 'Site Reliability Engineers' in
# Acme organization would yield:
# - ['acme:Site Reliability Engineers'] for 'name'
# - ['acme:site-reliability-engineers'] for 'slug'
# - ['acme:Site Reliability Engineers', 'acme:site-reliability-engineers'] for 'both'
teamNameField: slug
```

View file

@ -16,11 +16,10 @@ import (
"strings"
"time"
"github.com/sirupsen/logrus"
"golang.org/x/oauth2"
"golang.org/x/oauth2/github"
"github.com/sirupsen/logrus"
"github.com/dexidp/dex/connector"
)
@ -111,7 +110,7 @@ func (c *Config) Open(id string, logger logrus.FieldLogger) (connector.Connector
g.loadAllGroups = c.LoadAllGroups
switch c.TeamNameField {
case "name", "slug", "":
case "name", "slug", "both", "":
g.teamNameField = c.TeamNameField
default:
return nil, fmt.Errorf("invalid connector config: unsupported team name field value `%s`", c.TeamNameField)
@ -449,7 +448,7 @@ func (c *githubConnector) userOrgTeams(ctx context.Context, client *http.Client)
}
for _, t := range teams {
groups[t.Org.Login] = append(groups[t.Org.Login], c.teamGroupClaim(t))
groups[t.Org.Login] = append(groups[t.Org.Login], c.teamGroupClaims(t)...)
}
if apiURL == "" {
@ -686,7 +685,7 @@ func (c *githubConnector) teamsForOrg(ctx context.Context, client *http.Client,
for _, t := range teams {
if t.Org.Login == orgName {
groups = append(groups, c.teamGroupClaim(t))
groups = append(groups, c.teamGroupClaims(t)...)
}
}
@ -698,12 +697,16 @@ func (c *githubConnector) teamsForOrg(ctx context.Context, client *http.Client,
return groups, nil
}
// teamGroupClaim returns team slag if 'teamNameField; option is set to 'slug' otherwise returns team name.
func (c *githubConnector) teamGroupClaim(t team) string {
// teamGroupClaims returns team slug if 'teamNameField' option is set to
// 'slug', returns the slug *and* name if set to 'both', otherwise returns team
// name.
func (c *githubConnector) teamGroupClaims(t team) []string {
switch c.teamNameField {
case "both":
return []string{t.Name, t.Slug}
case "slug":
return t.Slug
return []string{t.Slug}
default:
return t.Name
return []string{t.Name}
}
}

View file

@ -64,7 +64,6 @@ func TestUserGroups(t *testing.T) {
}
func TestUserGroupsWithoutOrgs(t *testing.T) {
s := newTestServer(map[string]testResponse{
"/user/orgs": {data: []org{}},
"/user/teams": {data: []team{}},
@ -76,7 +75,6 @@ func TestUserGroupsWithoutOrgs(t *testing.T) {
expectNil(t, err)
expectEquals(t, len(groups), 0)
}
func TestUserGroupsWithTeamNameFieldConfig(t *testing.T) {
@ -102,6 +100,30 @@ func TestUserGroupsWithTeamNameFieldConfig(t *testing.T) {
})
}
func TestUserGroupsWithTeamNameAndSlugFieldConfig(t *testing.T) {
s := newTestServer(map[string]testResponse{
"/user/orgs": {
data: []org{{Login: "org-1"}},
},
"/user/teams": {
data: []team{
{Name: "Team 1", Slug: "team-1", Org: org{Login: "org-1"}},
},
},
})
defer s.Close()
c := githubConnector{apiURL: s.URL, teamNameField: "both"}
groups, err := c.userGroups(context.Background(), newClient())
expectNil(t, err)
expectEquals(t, groups, []string{
"org-1",
"org-1:Team 1",
"org-1:team-1",
})
}
func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
s := newTestServer(map[string]testResponse{