Configurable team name field for GitHub connector

This commit is contained in:
Taras Burko 2018-09-13 16:35:02 +03:00
parent bb75dcd793
commit bf39130bab
2 changed files with 33 additions and 9 deletions

View file

@ -28,6 +28,7 @@ connectors:
clientID: $GITHUB_CLIENT_ID clientID: $GITHUB_CLIENT_ID
clientSecret: $GITHUB_CLIENT_SECRET clientSecret: $GITHUB_CLIENT_SECRET
redirectURI: http://127.0.0.1:5556/dex/callback redirectURI: http://127.0.0.1:5556/dex/callback
# Optional organizations and teams, communicated through the "groups" scope. # Optional organizations and teams, communicated through the "groups" scope.
# #
# NOTE: This is an EXPERIMENTAL config option and will likely change. # NOTE: This is an EXPERIMENTAL config option and will likely change.
@ -51,6 +52,14 @@ connectors:
teams: teams:
- red-team - red-team
- blue-team - blue-team
# Optional choice between 'name' (default) or 'slug'.
#
# As an example, group claims for member of 'Site Reliability Engineers' in
# Acme organization would yield:
# - ['acme:Site Reliability Engineers'] for 'name'
# - ['acme:site-reliability-engineers'] for 'slug'
teamNameField: slug
``` ```
## GitHub Enterprise ## GitHub Enterprise

View file

@ -40,13 +40,14 @@ var reLast = regexp.MustCompile("<([^>]+)>; rel=\"last\"")
// Config holds configuration options for github logins. // Config holds configuration options for github logins.
type Config struct { type Config struct {
ClientID string `json:"clientID"` ClientID string `json:"clientID"`
ClientSecret string `json:"clientSecret"` ClientSecret string `json:"clientSecret"`
RedirectURI string `json:"redirectURI"` RedirectURI string `json:"redirectURI"`
Org string `json:"org"` Org string `json:"org"`
Orgs []Org `json:"orgs"` Orgs []Org `json:"orgs"`
HostName string `json:"hostName"` HostName string `json:"hostName"`
RootCA string `json:"rootCA"` RootCA string `json:"rootCA"`
TeamNameField string `json:"teamNameField"`
} }
// Org holds org-team filters, in which teams are optional. // Org holds org-team filters, in which teams are optional.
@ -107,6 +108,13 @@ func (c *Config) Open(id string, logger logrus.FieldLogger) (connector.Connector
} }
switch c.TeamNameField {
case "name", "slug", "":
g.teamNameField = c.TeamNameField
default:
return nil, fmt.Errorf("invalid connector config: unsupported team name field value `%s`", c.TeamNameField)
}
return &g, nil return &g, nil
} }
@ -134,7 +142,8 @@ type githubConnector struct {
// Used to support untrusted/self-signed CA certs. // Used to support untrusted/self-signed CA certs.
rootCA string rootCA string
// HTTP Client that trusts the custom delcared rootCA cert. // HTTP Client that trusts the custom delcared rootCA cert.
httpClient *http.Client httpClient *http.Client
teamNameField string
} }
// groupsRequired returns whether dex requires GitHub's 'read:org' scope. Dex // groupsRequired returns whether dex requires GitHub's 'read:org' scope. Dex
@ -566,6 +575,7 @@ type team struct {
Org struct { Org struct {
Login string `json:"login"` Login string `json:"login"`
} `json:"organization"` } `json:"organization"`
Slug string `json:"slug"`
} }
// teamsForOrg queries the GitHub API for team membership within a specific organization. // teamsForOrg queries the GitHub API for team membership within a specific organization.
@ -586,7 +596,12 @@ func (c *githubConnector) teamsForOrg(ctx context.Context, client *http.Client,
for _, team := range teams { for _, team := range teams {
if team.Org.Login == orgName { if team.Org.Login == orgName {
groups = append(groups, team.Name) switch c.teamNameField {
case "name", "":
groups = append(groups, team.Name)
case "slug":
groups = append(groups, team.Slug)
}
} }
} }