Add OIDC role sync config (OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM)

Mv.OidcRoleSyncConfig reads from config; runtime.exs overrides from ENV in prod.
2026-02-04 16:15:47 +01:00 · 2026-02-04 16:15:47 +01:00 · a6e35da0f7
commit a6e35da0f7
parent 50c8a0dc9a
4 changed files with 83 additions and 0 deletions
--- a/test/mv/oidc_role_sync_config_test.exs
+++ b/test/mv/oidc_role_sync_config_test.exs
@ -0,0 +1,49 @@
+defmodule Mv.OidcRoleSyncConfigTest do
+  @moduledoc """
+  Tests for OIDC role sync configuration (OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM).
+  """
+  use ExUnit.Case, async: false
+
+  alias Mv.OidcRoleSyncConfig
+
+  describe "oidc_admin_group_name/0" do
+    test "returns nil when OIDC_ADMIN_GROUP_NAME is not configured" do
+      restore = put_config(admin_group_name: nil)
+      on_exit(restore)
+
+      assert OidcRoleSyncConfig.oidc_admin_group_name() == nil
+    end
+
+    test "returns configured admin group name when set" do
+      restore = put_config(admin_group_name: "mila-admin")
+      on_exit(restore)
+
+      assert OidcRoleSyncConfig.oidc_admin_group_name() == "mila-admin"
+    end
+  end
+
+  describe "oidc_groups_claim/0" do
+    test "returns default \"groups\" when OIDC_GROUPS_CLAIM is not configured" do
+      restore = put_config(groups_claim: nil)
+      on_exit(restore)
+
+      assert OidcRoleSyncConfig.oidc_groups_claim() == "groups"
+    end
+
+    test "returns configured claim name when OIDC_GROUPS_CLAIM is set" do
+      restore = put_config(groups_claim: "ak_groups")
+      on_exit(restore)
+
+      assert OidcRoleSyncConfig.oidc_groups_claim() == "ak_groups"
+    end
+  end
+
+  defp put_config(opts) do
+    current = Application.get_env(:mv, :oidc_role_sync, [])
+    Application.put_env(:mv, :oidc_role_sync, Keyword.merge(current, opts))
+
+    fn ->
+      Application.put_env(:mv, :oidc_role_sync, current)
+    end
+  end
+end