Merge pull request #4684 from AnianZ/microsoft-login

add configuration for Microsoft login
2019-12-16 10:52:16 -05:00 · 2019-12-16 10:52:16 -05:00 · bff0b81919
parent 27232ea18f a686365882
commit bff0b81919
2 changed files with 76 additions and 1 deletions
--- a/release-notes/v5.7.0.md
+++ b/release-notes/v5.7.0.md
@ -150,6 +150,10 @@ There is no configuration required to take advantage of these new improvements.

 * @evanchaoli fixed a [bug](https://github.com/concourse/concourse/pull/4655) where vault users, that hadn't configured a shared path, would end up searching the top level `prefix` path for secrets.

+#### <sub><sup><a name="4684" href="4684">:link:</a></sup></sub> feature
+
+* @anianz added support for Microsoft login via [dex](https://github.com/dexidp/dex/blob/master/Documentation/connectors/microsoft.md)
+
 #### <sub><sup><a name="4683" href="4683">:link:</a></sup></sub> fix

-* @evanchaoli fixed yet another [bug](https://github.com/concourse/concourse/pull/4683) where the builds api would return the wrong builds if you gave it a date newer than the most recent build.
+* @evanchaoli fixed yet another [bug](https://github.com/concourse/concourse/pull/4683) where the builds api would return the wrong builds if you gave it a date newer than the most recent build.
--- a/skymarshal/skycmd/microsoft_flags.go
+++ b/skymarshal/skycmd/microsoft_flags.go
@ -0,0 +1,71 @@
+package skycmd
+
+import (
+	"encoding/json"
+	"errors"
+
+	"github.com/concourse/dex/connector/microsoft"
+	multierror "github.com/hashicorp/go-multierror"
+)
+
+func init() {
+	RegisterConnector(&Connector{
+		id:         "microsoft",
+		config:     &MicrosoftFlags{},
+		teamConfig: &MicrosoftTeamFlags{},
+	})
+}
+
+type MicrosoftFlags struct {
+	ClientID           string   `long:"client-id" description:"(Required) Client id"`
+	ClientSecret       string   `long:"client-secret" description:"(Required) Client secret"`
+	Tenant             string   `long:"tenant" description:"Microsoft Tenant limitation (common, consumers, organizations, tenant name or tenant uuid)"`
+	Groups             []string `long:"groups" description:"Allowed Active Directory Groups"`
+	OnlySecurityGroups bool     `long:"only-security-groups" description:"Only fetch security groups"`
+}
+
+func (flag *MicrosoftFlags) Name() string {
+	return "Microsoft"
+}
+
+func (flag *MicrosoftFlags) Validate() error {
+	var errs *multierror.Error
+
+	if flag.ClientID == "" {
+		errs = multierror.Append(errs, errors.New("Missing client-id"))
+	}
+
+	if flag.ClientSecret == "" {
+		errs = multierror.Append(errs, errors.New("Missing client-secret"))
+	}
+
+	return errs.ErrorOrNil()
+}
+
+func (flag *MicrosoftFlags) Serialize(redirectURI string) ([]byte, error) {
+	if err := flag.Validate(); err != nil {
+		return nil, err
+	}
+
+	return json.Marshal(microsoft.Config{
+		ClientID:           flag.ClientID,
+		ClientSecret:       flag.ClientSecret,
+		RedirectURI:        redirectURI,
+		Tenant:             flag.Tenant,
+		Groups:             flag.Groups,
+		OnlySecurityGroups: flag.OnlySecurityGroups,
+	})
+}
+
+type MicrosoftTeamFlags struct {
+	Users  []string `long:"user" description:"A whitelisted Microsoft user" value-name:"USERNAME"`
+	Groups []string `long:"group" description:"A whitelisted Microsoft group" value-name:"GROUP_NAME"`
+}
+
+func (flag *MicrosoftTeamFlags) GetUsers() []string {
+	return flag.Users
+}
+
+func (flag *MicrosoftTeamFlags) GetGroups() []string {
+	return flag.Groups
+}