Configurable team name field for GitHub connector

8 years ago · bf39130bab
2 changed files with 33 additions and 9 deletions
--- a/Documentation/connectors/github.md
+++ b/Documentation/connectors/github.md
@ -28,6 +28,7 @@ connectors:
    clientID: $GITHUB_CLIENT_ID
    clientSecret: $GITHUB_CLIENT_SECRET
    redirectURI: http://127.0.0.1:5556/dex/callback
+
    # Optional organizations and teams, communicated through the "groups" scope.
    #
    # NOTE: This is an EXPERIMENTAL config option and will likely change.
@ -51,6 +52,14 @@ connectors:
      teams:
      - red-team
      - blue-team
+
+    # Optional choice between 'name' (default) or 'slug'.
+    #
+    # As an example, group claims for member of 'Site Reliability Engineers' in
+    # Acme organization would yield:
+    #   - ['acme:Site Reliability Engineers'] for 'name'
+    #   - ['acme:site-reliability-engineers'] for 'slug'
+    teamNameField: slug
 ```

 ## GitHub Enterprise
--- a/connector/github/github.go
+++ b/connector/github/github.go
@ -40,13 +40,14 @@ var reLast = regexp.MustCompile("<([^>]+)>; rel=\"last\"")

 // Config holds configuration options for github logins.
 type Config struct {
-	ClientID     string `json:"clientID"`
-	ClientSecret string `json:"clientSecret"`
-	RedirectURI  string `json:"redirectURI"`
-	Org          string `json:"org"`
-	Orgs         []Org  `json:"orgs"`
-	HostName     string `json:"hostName"`
-	RootCA       string `json:"rootCA"`
+	ClientID      string `json:"clientID"`
+	ClientSecret  string `json:"clientSecret"`
+	RedirectURI   string `json:"redirectURI"`
+	Org           string `json:"org"`
+	Orgs          []Org  `json:"orgs"`
+	HostName      string `json:"hostName"`
+	RootCA        string `json:"rootCA"`
+	TeamNameField string `json:"teamNameField"`
 }

 // Org holds org-team filters, in which teams are optional.
@ -107,6 +108,13 @@ func (c *Config) Open(id string, logger logrus.FieldLogger) (connector.Connector

 	}

+	switch c.TeamNameField {
+	case "name", "slug", "":
+		g.teamNameField = c.TeamNameField
+	default:
+		return nil, fmt.Errorf("invalid connector config: unsupported team name field value `%s`", c.TeamNameField)
+	}
+
 	return &g, nil
 }

@ -134,7 +142,8 @@ type githubConnector struct {
 	// Used to support untrusted/self-signed CA certs.
 	rootCA string
 	// HTTP Client that trusts the custom delcared rootCA cert.
-	httpClient *http.Client
+	httpClient    *http.Client
+	teamNameField string
 }

 // groupsRequired returns whether dex requires GitHub's 'read:org' scope. Dex
@ -566,6 +575,7 @@ type team struct {
 	Org  struct {
 		Login string `json:"login"`
 	} `json:"organization"`
+	Slug string `json:"slug"`
 }

 // teamsForOrg queries the GitHub API for team membership within a specific organization.
@ -586,7 +596,12 @@ func (c *githubConnector) teamsForOrg(ctx context.Context, client *http.Client,

 		for _, team := range teams {
 			if team.Org.Login == orgName {
-				groups = append(groups, team.Name)
+				switch c.teamNameField {
+				case "name", "":
+					groups = append(groups, team.Name)
+				case "slug":
+					groups = append(groups, team.Slug)
+				}
 			}
 		}