trying to figure out how to initialize both AGPL and enterprise

Emyrk · Emyrk · commit eb1d073a2c7d · 2024-08-28T09:39:25.000-05:00
diff --git a/cli/server.go b/cli/server.go
@@ -170,6 +170,13 @@ func createOIDCConfig(ctx context.Context, logger slog.Logger, vals *codersdk.De
 		groupAllowList[group] = true
 	}
 
+	idpSyncSetting := idpsync.SyncSettings{
+		OrganizationField:         vals.OIDC.OrganizationField.Value(),
+		OrganizationMapping:       vals.OIDC.OrganizationMapping.Value,
+		OrganizationAssignDefault: vals.OIDC.OrganizationAssignDefault.Value(),
+	}
+	syncer.Configure(idpSyncSetting)
+
 	return &coderd.OIDCConfig{
 		OAuth2Config: useCfg,
 		Provider:     oidcProvider,
@@ -198,11 +205,7 @@ func createOIDCConfig(ctx context.Context, logger slog.Logger, vals *codersdk.De
 		SignupsDisabledText: vals.OIDC.SignupsDisabledText.String(),
 		IconURL:             vals.OIDC.IconURL.String(),
 		IgnoreEmailVerified: vals.OIDC.IgnoreEmailVerified.Value(),
-		IDPSync: idpsync.NewSync(logger, idpsync.SyncSettings{
-			OrganizationField:         vals.OIDC.OrganizationField.Value(),
-			OrganizationMapping:       vals.OIDC.OrganizationMapping.Value,
-			OrganizationAssignDefault: vals.OIDC.OrganizationAssignDefault.Value(),
-		}),
+		IDPSync:             syncer,
 	}, nil
 }
 
diff --git a/coderd/idpsync/idpsync.go b/coderd/idpsync/idpsync.go
@@ -16,6 +16,11 @@ import (
 )
 
 type IDPSync interface {
+	// Configure is a method on the struct only because it is easier to configure
+	// from the AGPL initialization. For the enterprise code to get these settings,
+	// it makes sense to have the AGPL call 'Configure' rather than duplicate
+	// the code to create these settings.
+	Configure(settings SyncSettings)
 	// ParseOrganizationClaims takes claims from an OIDC provider, and returns the
 	// organization sync params for assigning users into organizations.
 	ParseOrganizationClaims(ctx context.Context, _ map[string]interface{}) (OrganizationParams, *HttpError)
@@ -45,13 +50,20 @@ type SyncSettings struct {
 	OrganizationAssignDefault bool
 }
 
-func NewSync(logger slog.Logger, settings SyncSettings) *AGPLIDPSync {
+func NewSync(logger slog.Logger) *AGPLIDPSync {
 	return &AGPLIDPSync{
-		Logger:       logger.Named("idp-sync"),
-		SyncSettings: settings,
+		Logger: logger.Named("idp-sync"),
+		SyncSettings: SyncSettings{
+			// A sane default
+			OrganizationAssignDefault: true,
+		},
 	}
 }
 
+func (s *AGPLIDPSync) Configure(settings SyncSettings) {
+	s.SyncSettings = settings
+}
+
 // ParseStringSliceClaim parses the claim for groups and roles, expected []string.
 //
 // Some providers like ADFS return a single string instead of an array if there
diff --git a/coderd/idpsync/organization.go b/coderd/idpsync/organization.go
@@ -19,7 +19,7 @@ func (s AGPLIDPSync) ParseOrganizationClaims(ctx context.Context, _ map[string]i
 	// nolint:gocritic // all syncing is done as a system user
 	ctx = dbauthz.AsSystemRestricted(ctx)
 
-	// For AGPL we only rely on 'OrganizationAlwaysAssign'
+	// For AGPL we only sync the default organization.
 	return OrganizationParams{
 		SyncEnabled:    false,
 		IncludeDefault: s.OrganizationAssignDefault,
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -1026,6 +1026,12 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	orgSync, orgSyncErr := api.OIDCConfig.IDPSync.ParseOrganizationClaims(ctx, mergedClaims)
+	if orgSyncErr != nil {
+		orgSyncErr.Write(rw, r)
+		return
+	}
+
 	// If a new user is authenticating for the first time
 	// the audit action is 'register', not 'login'
 	if user.ID == uuid.Nil {
@@ -1047,6 +1053,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		Roles:               roles,
 		UsingGroups:         usingGroups,
 		Groups:              groups,
+		OrganizationSync:    orgSync,
 		CreateMissingGroups: api.OIDCConfig.CreateMissingGroups,
 		GroupFilter:         api.OIDCConfig.GroupFilter,
 		DebugContext: OauthDebugContext{
diff --git a/enterprise/coderd/enidpsync/enidpsync.go b/enterprise/coderd/enidpsync/enidpsync.go
@@ -12,9 +12,9 @@ type EnterpriseIDPSync struct {
 	agpl         *idpsync.AGPLIDPSync
 }
 
-func NewSync(logger slog.Logger, entitlements *entitlements.Set, settings idpsync.SyncSettings) *EnterpriseIDPSync {
+func NewSync(logger slog.Logger, entitlements *entitlements.Set) *EnterpriseIDPSync {
 	return &EnterpriseIDPSync{
 		entitlements: entitlements,
-		agpl:         idpsync.NewSync(logger, settings),
+		agpl:         idpsync.NewSync(logger),
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,9 @@ type EnterpriseIDPSync struct {`
`12`	`12`	`agpl *idpsync.AGPLIDPSync`
`13`	`13`	`}`
`14`	`14`
`15`		`-func NewSync(logger slog.Logger, entitlements entitlements.Set, settings idpsync.SyncSettings) EnterpriseIDPSync {`
	`15`	`+func NewSync(logger slog.Logger, entitlements entitlements.Set) EnterpriseIDPSync {`
`16`	`16`	`return &EnterpriseIDPSync{`
`17`	`17`	`entitlements: entitlements,`
`18`		`- agpl: idpsync.NewSync(logger, settings),`
	`18`	`+ agpl: idpsync.NewSync(logger),`
`19`	`19`	`}`
`20`	`20`	`}`