mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Auth: Added support to filter for parent teams in GitHub connector's team membership filter (#86754)
* added changes for parent teams in team_ids. see https://github.com/grafana/grafana/issues/85916 Signed-off-by: Syed Nihal <syed.nihal@nokia.com> * added unit test Signed-off-by: Syed Nihal <syed.nihal@nokia.com> * addressed review comments to consider case where parent object can be null Signed-off-by: Syed Nihal <syed.nihal@nokia.com> * addressed review comment Signed-off-by: Syed Nihal <syed.nihal@nokia.com> --------- Signed-off-by: Syed Nihal <syed.nihal@nokia.com>
This commit is contained in:
parent
2d8570e85e
commit
5fb87de321
@ -45,6 +45,9 @@ type GithubTeam struct {
|
||||
Organization struct {
|
||||
Login string `json:"login"`
|
||||
} `json:"organization"`
|
||||
Parent *struct {
|
||||
Id int `json:"id"`
|
||||
} `json:"parent"`
|
||||
}
|
||||
|
||||
var (
|
||||
@ -144,7 +147,7 @@ func (s *SocialGithub) isTeamMember(ctx context.Context, client *http.Client) bo
|
||||
|
||||
for _, teamId := range s.teamIds {
|
||||
for _, membership := range teamMemberships {
|
||||
if teamId == membership.Id {
|
||||
if teamId == membership.Id || (membership.Parent != nil && teamId == membership.Parent.Id) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
@ -34,7 +34,6 @@ const testGHUserTeamsJSON = `[
|
||||
"permission": "admin",
|
||||
"members_url": "https://api.github.com/teams/1/members{/member}",
|
||||
"repositories_url": "https://api.github.com/teams/1/repos",
|
||||
"parent": null,
|
||||
"members_count": 3,
|
||||
"repos_count": 10,
|
||||
"created_at": "2017-07-14T16:53:42Z",
|
||||
@ -68,7 +67,21 @@ const testGHUserTeamsJSON = `[
|
||||
"created_at": "2008-01-14T04:33:35Z",
|
||||
"updated_at": "2017-08-17T12:37:15Z",
|
||||
"type": "Organization"
|
||||
}
|
||||
},
|
||||
"parent": {
|
||||
"name": "DC",
|
||||
"id": 99,
|
||||
"node_id": "bm9kZTIyCg==",
|
||||
"slug": "dc",
|
||||
"description": "",
|
||||
"privacy": "closed",
|
||||
"notification_setting": "notifications_enabled",
|
||||
"url": "https://api.github.com/organizations/github/team/2",
|
||||
"html_url": "https://github.com/orgs/github/teams/dc",
|
||||
"members_url": "https://api.github.com/orgs/github/members{/member}",
|
||||
"repositories_url": "https://api.github.com/teams/2/repos",
|
||||
"permission": "pull"
|
||||
}
|
||||
}
|
||||
]`
|
||||
|
||||
@ -132,6 +145,7 @@ func TestSocialGitHub_UserInfo(t *testing.T) {
|
||||
autoAssignOrgRole string
|
||||
want *social.BasicUserInfo
|
||||
wantErr bool
|
||||
oAuthExtraInfo map[string]string
|
||||
}{
|
||||
{
|
||||
name: "Basic User info",
|
||||
@ -225,6 +239,25 @@ func TestSocialGitHub_UserInfo(t *testing.T) {
|
||||
Groups: []string{"https://github.com/orgs/github/teams/justice-league", "@github/justice-league"},
|
||||
},
|
||||
},
|
||||
{
|
||||
// see: https://github.com/grafana/grafana/issues/85916
|
||||
name: "should check parent team id for team membership",
|
||||
roleAttributePath: "",
|
||||
userRawJSON: testGHUserJSON,
|
||||
autoAssignOrgRole: "Editor",
|
||||
userTeamsRawJSON: testGHUserTeamsJSON,
|
||||
oAuthExtraInfo: map[string]string{
|
||||
"team_ids": "99",
|
||||
},
|
||||
want: &social.BasicUserInfo{
|
||||
Id: "1",
|
||||
Name: "monalisa octocat",
|
||||
Email: "octocat@github.com",
|
||||
Login: "octocat",
|
||||
Role: "Editor",
|
||||
Groups: []string{"https://github.com/orgs/github/teams/justice-league", "@github/justice-league"},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
@ -250,10 +283,7 @@ func TestSocialGitHub_UserInfo(t *testing.T) {
|
||||
ApiUrl: server.URL + "/user",
|
||||
RoleAttributePath: tt.roleAttributePath,
|
||||
SkipOrgRoleSync: tt.settingSkipOrgRoleSync,
|
||||
Extra: map[string]string{
|
||||
"allowed_organizations": "",
|
||||
"team_ids": "",
|
||||
},
|
||||
Extra: tt.oAuthExtraInfo,
|
||||
}, &setting.Cfg{
|
||||
AutoAssignOrgRole: tt.autoAssignOrgRole,
|
||||
}, &ssosettingstests.MockService{},
|
||||
|
Loading…
Reference in New Issue
Block a user