Skip to content

G
gitlab-ce
Commit 1b0e045d authored by Douwe Maan's avatar Douwe Maan
Browse files
Options

Merge branch 'dblessing/gitlab-ee-group_sync_now'

parents 3d8e2458 8245c667
Hide whitespace changes
Inline Side-by-side
Showing with 104 additions and 28 deletions
CHANGELOG-EE
View file @ 1b0e045d
......@@ -5,6 +5,7 @@ v 8.12.0 (Unreleased)
v 8.11.6
- Exclude blocked users from potential MR approvers
- Add 'Sync now' to group members page !704
v 8.11.5
- API: Restore backward-compatibility for POST /projects/:id/members when membership is locked
......
app/controllers/groups/ldaps_controller.rb
View file @ 1b0e045d
......@@ -2,9 +2,10 @@ class Groups::LdapsController < Groups::ApplicationController
before_action :group
before_action :authorize_admin_group!
def reset_access
LdapGroupResetService.new.execute(group, current_user)
def sync
@group.pending_ldap_sync
LdapGroupSyncWorker.perform_async(@group.id)
redirect_to group_group_members_path(@group), notice: 'Access reset complete'
redirect_to group_group_members_path(@group), notice: 'The group sync has been scheduled'
end
end
app/models/ee/group.rb
View file @ 1b0e045d
......@@ -10,10 +10,15 @@ module EE
state_machine :ldap_sync_status, namespace: :ldap_sync, initial: :ready do
state :ready
state :started
state :pending
state :failed
event :pending do
transition [:ready, :failed] => :pending
end
event :start do
transition [:ready, :failed] => :started
transition [:ready, :pending, :failed] => :started
end
event :finish do
......
app/views/groups/group_members/_ldap_sync.html.haml 0 → 100644
View file @ 1b0e045d
- if current_user && @group.ldap_synced?
.bs-callout.bs-callout-info
The members of this group are managed using LDAP and cannot be added, changed or removed here.
Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
%ul
- @group.ldap_group_links.each do |ldap_group_link|
%li
People in cn
%code= ldap_group_link.cn
are given
%code= ldap_group_link.human_access
access.
- if can?(current_user, :admin_group, @group)
= render 'sync_button'
app/views/groups/group_members/_sync_button.html.haml 0 → 100644
View file @ 1b0e045d
- if @group.ldap_sync_started?
%span.btn.disabled
= icon("refresh spin")
Syncing&hellip;
- elsif @group.ldap_sync_pending?
%span.btn.disabled
= icon("refresh spin")
Pending sync&hellip;
- else
= link_to sync_group_ldap_path(@group), method: :put, class: 'btn' do
= icon("refresh")
Sync now
- if @group.ldap_sync_ready? && @group.ldap_sync_last_successful_update_at
%p.inline.prepend-left-10
Successfully synced #{time_ago_with_tooltip(@group.ldap_sync_last_successful_update_at)}.
app/views/groups/group_members/index.html.haml
View file @ 1b0e045d
......@@ -13,23 +13,7 @@
= render 'shared/members/requests', membership_source: @group, requesters: @requesters
- if current_user && @group.ldap_synced?
.bs-callout.bs-callout-info
The members of this group are managed using LDAP and cannot be added, changed or removed here.
Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
%ul
- @group.ldap_group_links.each do |ldap_group_link|
%li
People in cn
%code= ldap_group_link.cn
are given
%code= ldap_group_link.human_access
access.
- if can?(current_user, :admin_group_member, @group)
= form_tag(reset_access_group_ldap_path(@group), method: :put, class: 'inline') do
= button_to 'Clear LDAP permission cache', '#', class: "btn btn-remove js-confirm-danger",
data: { "confirm-danger-message" => clear_ldap_permission_cache_message,
'warning-message' => 'If you made manual permission tweaks for some group members they will be lost.' }
= render 'ldap_sync'
.panel.panel-default
.panel-heading
......@@ -51,5 +35,3 @@
event.preventDefault();
Turbolinks.visit(this.action + '?' + $(this).serialize());
});
= render 'shared/confirm_modal', phrase: 'reset'
app/workers/ldap_group_sync_worker.rb
View file @ 1b0e045d
......@@ -3,9 +3,21 @@ class LdapGroupSyncWorker
sidekiq_options retry: false
def perform
logger.info 'Started LDAP group sync'
EE::Gitlab::LDAP::Sync::Groups.execute
logger.info 'Finished LDAP group sync'
def perform(group_id = nil)
if group_id
group = Group.find_by(id: group_id)
unless group
logger.warn "Could not find group #{group_id} for LDAP group sync"
return
end
logger.info "Started LDAP group sync for group #{group.name} (#{group.id})"
EE::Gitlab::LDAP::Sync::Group.execute_all_providers(group)
logger.info "Finished LDAP group sync for group #{group.name} (#{group.id})"
else
logger.info 'Started LDAP group sync'
EE::Gitlab::LDAP::Sync::Groups.execute
logger.info 'Finished LDAP group sync'
end
end
end
config/routes.rb
View file @ 1b0e045d
......@@ -463,7 +463,7 @@ Rails.application.routes.draw do
resource :analytics, only: [:show]
resource :ldap, only: [] do
member do
put :reset_access
put :sync
end
end
......
spec/lib/ee/gitlab/ldap/sync/group_spec.rb
View file @ 1b0e045d
......@@ -92,6 +92,24 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
include_examples :group_state_machine
end
describe '.ldap_sync_ready?' do
let(:ldap_group1) { nil }
it 'returns false when ldap sync started' do
group = create(:group)
group.start_ldap_sync
expect(described_class.ldap_sync_ready?(group)).to be_falsey
end
it 'returns true when ldap sync pending' do
group = create(:group)
group.pending_ldap_sync
expect(described_class.ldap_sync_ready?(group)).to be_truthy
end
end
describe '#update_permissions' do
before { group.start_ldap_sync }
after { group.finish_ldap_sync }
......
spec/workers/ldap_group_sync_worker_spec.rb 0 → 100644
View file @ 1b0e045d
require 'spec_helper'
describe LdapGroupSyncWorker do
describe '#perform' do
it 'syncs all groups when group_id is nil' do
expect(EE::Gitlab::LDAP::Sync::Groups).to receive(:execute)
described_class.new.perform
end
it 'syncs a single group when group_id is present' do
group = create(:group)
expect(EE::Gitlab::LDAP::Sync::Group)
.to receive(:execute_all_providers).with(group)
described_class.new.perform(group.id)
end
it 'logs an error when group cannot be found' do
expect(EE::Gitlab::LDAP::Sync::Group).not_to receive(:execute_all_providers)
expect(Sidekiq.logger)
.to receive(:warn).with('Could not find group 9999 for LDAP group sync')
described_class.new.perform(9999)
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7