Change how gitlab-group is parsed on options (#639)

* Changed how gitlab-group is parsed, from string to []string See #637 * Point out that gitlab-group can be a list See #637 * Reflect to the []string change on pkg/apis/options/options.go See #637 * Move cfg option gitlab_group to gitlab_groups See #637 * Renamed Group to Groups See #637 * Reflect the change on gitlab.go as well See #637 * Added #639 * Added the author of #639 to the CHANGELOG * Add the gitlab_groups env change to CHANGELOG.md See #639 Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2025-12-01 22:51:45 +02:00 · 2020-06-27 01:26:07 +03:00
parent daedbbd353
commit 1b6c54cae1
6 changed files with 16 additions and 11 deletions
--- a/providers/gitlab.go
+++ b/providers/gitlab.go
@@ -18,7 +18,7 @@ import (
 type GitLabProvider struct {
 	*ProviderData

-	Group        string
+	Groups       []string
 	EmailDomains []string

 	Verifier             *oidc.IDTokenVerifier
@@ -162,7 +162,7 @@ func (p *GitLabProvider) getUserInfo(ctx context.Context, s *sessions.SessionSta
 }

 func (p *GitLabProvider) verifyGroupMembership(userInfo *gitlabUserInfo) error {
-	if p.Group == "" {
+	if len(p.Groups) == 0 {
 		return nil
 	}

@@ -173,14 +173,13 @@ func (p *GitLabProvider) verifyGroupMembership(userInfo *gitlabUserInfo) error {
 	}

 	// Find a valid group that they are a member of
-	validGroups := strings.Split(p.Group, " ")
-	for _, validGroup := range validGroups {
+	for _, validGroup := range p.Groups {
 		if _, ok := membershipSet[validGroup]; ok {
 			return nil
 		}
 	}

-	return fmt.Errorf("user is not a member of '%s'", p.Group)
+	return fmt.Errorf("user is not a member of '%s'", p.Groups)
 }

 func (p *GitLabProvider) verifyEmailDomain(userInfo *gitlabUserInfo) error {