Configurable team name field for GitHub connector
This commit is contained in:
parent
bb75dcd793
commit
bf39130bab
2 changed files with 33 additions and 9 deletions
|
@ -28,6 +28,7 @@ connectors:
|
||||||
clientID: $GITHUB_CLIENT_ID
|
clientID: $GITHUB_CLIENT_ID
|
||||||
clientSecret: $GITHUB_CLIENT_SECRET
|
clientSecret: $GITHUB_CLIENT_SECRET
|
||||||
redirectURI: http://127.0.0.1:5556/dex/callback
|
redirectURI: http://127.0.0.1:5556/dex/callback
|
||||||
|
|
||||||
# Optional organizations and teams, communicated through the "groups" scope.
|
# Optional organizations and teams, communicated through the "groups" scope.
|
||||||
#
|
#
|
||||||
# NOTE: This is an EXPERIMENTAL config option and will likely change.
|
# NOTE: This is an EXPERIMENTAL config option and will likely change.
|
||||||
|
@ -51,6 +52,14 @@ connectors:
|
||||||
teams:
|
teams:
|
||||||
- red-team
|
- red-team
|
||||||
- blue-team
|
- blue-team
|
||||||
|
|
||||||
|
# Optional choice between 'name' (default) or 'slug'.
|
||||||
|
#
|
||||||
|
# As an example, group claims for member of 'Site Reliability Engineers' in
|
||||||
|
# Acme organization would yield:
|
||||||
|
# - ['acme:Site Reliability Engineers'] for 'name'
|
||||||
|
# - ['acme:site-reliability-engineers'] for 'slug'
|
||||||
|
teamNameField: slug
|
||||||
```
|
```
|
||||||
|
|
||||||
## GitHub Enterprise
|
## GitHub Enterprise
|
||||||
|
|
|
@ -40,13 +40,14 @@ var reLast = regexp.MustCompile("<([^>]+)>; rel=\"last\"")
|
||||||
|
|
||||||
// Config holds configuration options for github logins.
|
// Config holds configuration options for github logins.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
ClientID string `json:"clientID"`
|
ClientID string `json:"clientID"`
|
||||||
ClientSecret string `json:"clientSecret"`
|
ClientSecret string `json:"clientSecret"`
|
||||||
RedirectURI string `json:"redirectURI"`
|
RedirectURI string `json:"redirectURI"`
|
||||||
Org string `json:"org"`
|
Org string `json:"org"`
|
||||||
Orgs []Org `json:"orgs"`
|
Orgs []Org `json:"orgs"`
|
||||||
HostName string `json:"hostName"`
|
HostName string `json:"hostName"`
|
||||||
RootCA string `json:"rootCA"`
|
RootCA string `json:"rootCA"`
|
||||||
|
TeamNameField string `json:"teamNameField"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Org holds org-team filters, in which teams are optional.
|
// Org holds org-team filters, in which teams are optional.
|
||||||
|
@ -107,6 +108,13 @@ func (c *Config) Open(id string, logger logrus.FieldLogger) (connector.Connector
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
switch c.TeamNameField {
|
||||||
|
case "name", "slug", "":
|
||||||
|
g.teamNameField = c.TeamNameField
|
||||||
|
default:
|
||||||
|
return nil, fmt.Errorf("invalid connector config: unsupported team name field value `%s`", c.TeamNameField)
|
||||||
|
}
|
||||||
|
|
||||||
return &g, nil
|
return &g, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -134,7 +142,8 @@ type githubConnector struct {
|
||||||
// Used to support untrusted/self-signed CA certs.
|
// Used to support untrusted/self-signed CA certs.
|
||||||
rootCA string
|
rootCA string
|
||||||
// HTTP Client that trusts the custom delcared rootCA cert.
|
// HTTP Client that trusts the custom delcared rootCA cert.
|
||||||
httpClient *http.Client
|
httpClient *http.Client
|
||||||
|
teamNameField string
|
||||||
}
|
}
|
||||||
|
|
||||||
// groupsRequired returns whether dex requires GitHub's 'read:org' scope. Dex
|
// groupsRequired returns whether dex requires GitHub's 'read:org' scope. Dex
|
||||||
|
@ -566,6 +575,7 @@ type team struct {
|
||||||
Org struct {
|
Org struct {
|
||||||
Login string `json:"login"`
|
Login string `json:"login"`
|
||||||
} `json:"organization"`
|
} `json:"organization"`
|
||||||
|
Slug string `json:"slug"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// teamsForOrg queries the GitHub API for team membership within a specific organization.
|
// teamsForOrg queries the GitHub API for team membership within a specific organization.
|
||||||
|
@ -586,7 +596,12 @@ func (c *githubConnector) teamsForOrg(ctx context.Context, client *http.Client,
|
||||||
|
|
||||||
for _, team := range teams {
|
for _, team := range teams {
|
||||||
if team.Org.Login == orgName {
|
if team.Org.Login == orgName {
|
||||||
groups = append(groups, team.Name)
|
switch c.teamNameField {
|
||||||
|
case "name", "":
|
||||||
|
groups = append(groups, team.Name)
|
||||||
|
case "slug":
|
||||||
|
groups = append(groups, team.Slug)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Reference in a new issue