Commit 0c751fc0 authored by ale's avatar ale

Implement static group assignments by backend

parent 5121efbf
...@@ -90,6 +90,8 @@ Each service definition is a dictionary with the following attributes: ...@@ -90,6 +90,8 @@ Each service definition is a dictionary with the following attributes:
* `file` is simply a path to a user list file, see the *File * `file` is simply a path to a user list file, see the *File
backend* section below backend* section below
* `ldap` configues the LDAP backend for this service * `ldap` configues the LDAP backend for this service
* `static_groups` is a list of group names that users sourced from
this backend will automatically be added to
* `challenge_response` is a boolean parameter that, when true, enables * `challenge_response` is a boolean parameter that, when true, enables
two-factor authentication for this service (it should be enabled two-factor authentication for this service (it should be enabled
only for interactive services) only for interactive services)
......
...@@ -160,8 +160,9 @@ type requestFilter interface { ...@@ -160,8 +160,9 @@ type requestFilter interface {
// BackendSpec specifies backend-specific configuration for a service. // BackendSpec specifies backend-specific configuration for a service.
type BackendSpec struct { type BackendSpec struct {
LDAPSpec *LDAPServiceConfig `yaml:"ldap"` LDAPSpec *LDAPServiceConfig `yaml:"ldap"`
FileSpec string `yaml:"file"` FileSpec string `yaml:"file"`
StaticGroups []string `yaml:"static_groups"`
} }
// ServiceConfig defines the authentication backends for a service. // ServiceConfig defines the authentication backends for a service.
...@@ -385,6 +386,9 @@ func (s *Server) getUser(ctx context.Context, serviceConfig *ServiceConfig, user ...@@ -385,6 +386,9 @@ func (s *Server) getUser(ctx context.Context, serviceConfig *ServiceConfig, user
for _, spec := range serviceConfig.BackendSpecs { for _, spec := range serviceConfig.BackendSpecs {
for _, b := range s.backends { for _, b := range s.backends {
if user, ok := b.GetUser(ctx, spec, username); ok { if user, ok := b.GetUser(ctx, spec, username); ok {
if len(spec.StaticGroups) > 0 {
user.Groups = append(user.Groups, spec.StaticGroups...)
}
return user, true return user, true
} }
} }
......
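Review bot: The `append` onto `user.Groups` in getUser writes into whatever `b.GetUser` returned, and nothing visible here shows whether that is a fresh value or a record the backend keeps between requests (a parsed user-list entry, say). If it is a pointer to a shared record, each lookup would append the static groups again, and a group granted through one service's backend spec would stay on the user when another service resolves the same account; that matters if group membership drives authorization, and concurrent requests would also race on the slice. Assuming a pointer return, consider working on a copy, e.g. `u := *user` followed by `u.Groups = append(u.Groups[:len(u.Groups):len(u.Groups)], spec.StaticGroups...)`, and skipping names the user already has. The `len(spec.StaticGroups) > 0` guard can go, since appending an empty slice changes nothing. getUser starts and ends outside the hunk, so the return type is inferred from the `user.Groups` access only.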