Commit 0c751fc0 authored by ale's avatar ale

Implement static group assignments by backend

parent 5121efbf
Pipeline #851 passed with stages
in 1 minute and 6 seconds
......@@ -90,6 +90,8 @@ Each service definition is a dictionary with the following attributes:
* `file` is simply a path to a user list file, see the *File
backend* section below
* `ldap` configues the LDAP backend for this service
* `static_groups` is a list of group names that users sourced from
this backend will automatically be added to
* `challenge_response` is a boolean parameter that, when true, enables
two-factor authentication for this service (it should be enabled
only for interactive services)
......
......@@ -160,8 +160,9 @@ type requestFilter interface {
// BackendSpec specifies backend-specific configuration for a service.
type BackendSpec struct {
LDAPSpec *LDAPServiceConfig `yaml:"ldap"`
FileSpec string `yaml:"file"`
LDAPSpec *LDAPServiceConfig `yaml:"ldap"`
FileSpec string `yaml:"file"`
StaticGroups []string `yaml:"static_groups"`
}
// ServiceConfig defines the authentication backends for a service.
......@@ -385,6 +386,9 @@ func (s *Server) getUser(ctx context.Context, serviceConfig *ServiceConfig, user
for _, spec := range serviceConfig.BackendSpecs {
for _, b := range s.backends {
if user, ok := b.GetUser(ctx, spec, username); ok {
if len(spec.StaticGroups) > 0 {
user.Groups = append(user.Groups, spec.StaticGroups...)
}
return user, true
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment