Commit 1b0e045d authored by Douwe Maan's avatar Douwe Maan

Merge branch 'dblessing/gitlab-ee-group_sync_now'

parents 3d8e2458 8245c667
...@@ -5,6 +5,7 @@ v 8.12.0 (Unreleased) ...@@ -5,6 +5,7 @@ v 8.12.0 (Unreleased)
v 8.11.6 v 8.11.6
- Exclude blocked users from potential MR approvers - Exclude blocked users from potential MR approvers
- Add 'Sync now' to group members page !704
v 8.11.5 v 8.11.5
- API: Restore backward-compatibility for POST /projects/:id/members when membership is locked - API: Restore backward-compatibility for POST /projects/:id/members when membership is locked
......
...@@ -2,9 +2,10 @@ class Groups::LdapsController < Groups::ApplicationController ...@@ -2,9 +2,10 @@ class Groups::LdapsController < Groups::ApplicationController
before_action :group before_action :group
before_action :authorize_admin_group! before_action :authorize_admin_group!
def reset_access def sync
LdapGroupResetService.new.execute(group, current_user) @group.pending_ldap_sync
LdapGroupSyncWorker.perform_async(@group.id)
redirect_to group_group_members_path(@group), notice: 'Access reset complete' redirect_to group_group_members_path(@group), notice: 'The group sync has been scheduled'
end end
end end
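Review bot: The result of `@group.pending_ldap_sync` is ignored in `sync`, so the worker is enqueued and the "scheduled" notice is shown even when the group is already `pending` or `started` (the `pending` event only lists `ready` and `failed` as sources). The disabled button in the view is the only guard, and a repeated PUT to this route does not go through it, so one group admin can queue many LDAP syncs for the same group. Enqueue only when the transition succeeds, e.g. wrap `LdapGroupSyncWorker.perform_async(@group.id)` in `if @group.pending_ldap_sync`, and redirect with a notice such as `'A group sync is already in progress'` otherwise. This assumes the event method returns false on a disallowed transition, which is worth confirming for the state machine library in use.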
...@@ -10,10 +10,15 @@ module EE ...@@ -10,10 +10,15 @@ module EE
state_machine :ldap_sync_status, namespace: :ldap_sync, initial: :ready do state_machine :ldap_sync_status, namespace: :ldap_sync, initial: :ready do
state :ready state :ready
state :started state :started
state :pending
state :failed state :failed
event :pending do
transition [:ready, :failed] => :pending
end
event :start do event :start do
transition [:ready, :failed] => :started transition [:ready, :pending, :failed] => :started
end end
event :finish do event :finish do
......
- if current_user && @group.ldap_synced?
.bs-callout.bs-callout-info
The members of this group are managed using LDAP and cannot be added, changed or removed here.
Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
%ul
- @group.ldap_group_links.each do |ldap_group_link|
%li
People in cn
%code= ldap_group_link.cn
are given
%code= ldap_group_link.human_access
access.
- if can?(current_user, :admin_group, @group)
= render 'sync_button'
- if @group.ldap_sync_started?
%span.btn.disabled
= icon("refresh spin")
Syncing&hellip;
- elsif @group.ldap_sync_pending?
%span.btn.disabled
= icon("refresh spin")
Pending sync&hellip;
- else
= link_to sync_group_ldap_path(@group), method: :put, class: 'btn' do
= icon("refresh")
Sync now
- if @group.ldap_sync_ready? && @group.ldap_sync_last_successful_update_at
%p.inline.prepend-left-10
Successfully synced #{time_ago_with_tooltip(@group.ldap_sync_last_successful_update_at)}.
...@@ -13,23 +13,7 @@ ...@@ -13,23 +13,7 @@
= render 'shared/members/requests', membership_source: @group, requesters: @requesters = render 'shared/members/requests', membership_source: @group, requesters: @requesters
- if current_user && @group.ldap_synced? = render 'ldap_sync'
.bs-callout.bs-callout-info
The members of this group are managed using LDAP and cannot be added, changed or removed here.
Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
%ul
- @group.ldap_group_links.each do |ldap_group_link|
%li
People in cn
%code= ldap_group_link.cn
are given
%code= ldap_group_link.human_access
access.
- if can?(current_user, :admin_group_member, @group)
= form_tag(reset_access_group_ldap_path(@group), method: :put, class: 'inline') do
= button_to 'Clear LDAP permission cache', '#', class: "btn btn-remove js-confirm-danger",
data: { "confirm-danger-message" => clear_ldap_permission_cache_message,
'warning-message' => 'If you made manual permission tweaks for some group members they will be lost.' }
.panel.panel-default .panel.panel-default
.panel-heading .panel-heading
...@@ -51,5 +35,3 @@ ...@@ -51,5 +35,3 @@
event.preventDefault(); event.preventDefault();
Turbolinks.visit(this.action + '?' + $(this).serialize()); Turbolinks.visit(this.action + '?' + $(this).serialize());
}); });
= render 'shared/confirm_modal', phrase: 'reset'
...@@ -3,9 +3,21 @@ class LdapGroupSyncWorker ...@@ -3,9 +3,21 @@ class LdapGroupSyncWorker
sidekiq_options retry: false sidekiq_options retry: false
def perform def perform(group_id = nil)
logger.info 'Started LDAP group sync' if group_id
EE::Gitlab::LDAP::Sync::Groups.execute group = Group.find_by(id: group_id)
logger.info 'Finished LDAP group sync' unless group
logger.warn "Could not find group #{group_id} for LDAP group sync"
return
end
logger.info "Started LDAP group sync for group #{group.name} (#{group.id})"
EE::Gitlab::LDAP::Sync::Group.execute_all_providers(group)
logger.info "Finished LDAP group sync for group #{group.name} (#{group.id})"
else
logger.info 'Started LDAP group sync'
EE::Gitlab::LDAP::Sync::Groups.execute
logger.info 'Finished LDAP group sync'
end
end end
end end
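Review bot: `perform(group_id = nil)` puts two very different costs behind one signature, and nothing at the definition says so: a nil or omitted argument syncs every group, while an id syncs one. A comment above the method such as `# group_id nil => full sync of all groups; otherwise sync only that group` would keep a caller from passing a nil id by accident. The single-group branch also does not look at the group's sync state before calling `execute_all_providers`, so whether duplicate jobs for one group are harmless depends on that method, which is not visible here.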
...@@ -463,7 +463,7 @@ Rails.application.routes.draw do ...@@ -463,7 +463,7 @@ Rails.application.routes.draw do
resource :analytics, only: [:show] resource :analytics, only: [:show]
resource :ldap, only: [] do resource :ldap, only: [] do
member do member do
put :reset_access put :sync
end end
end end
......
...@@ -92,6 +92,24 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do ...@@ -92,6 +92,24 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
include_examples :group_state_machine include_examples :group_state_machine
end end
describe '.ldap_sync_ready?' do
let(:ldap_group1) { nil }
it 'returns false when ldap sync started' do
group = create(:group)
group.start_ldap_sync
expect(described_class.ldap_sync_ready?(group)).to be_falsey
end
it 'returns true when ldap sync pending' do
group = create(:group)
group.pending_ldap_sync
expect(described_class.ldap_sync_ready?(group)).to be_truthy
end
end
describe '#update_permissions' do describe '#update_permissions' do
before { group.start_ldap_sync } before { group.start_ldap_sync }
after { group.finish_ldap_sync } after { group.finish_ldap_sync }
......
require 'spec_helper'
describe LdapGroupSyncWorker do
describe '#perform' do
it 'syncs all groups when group_id is nil' do
expect(EE::Gitlab::LDAP::Sync::Groups).to receive(:execute)
described_class.new.perform
end
it 'syncs a single group when group_id is present' do
group = create(:group)
expect(EE::Gitlab::LDAP::Sync::Group)
.to receive(:execute_all_providers).with(group)
described_class.new.perform(group.id)
end
it 'logs an error when group cannot be found' do
expect(EE::Gitlab::LDAP::Sync::Group).not_to receive(:execute_all_providers)
expect(Sidekiq.logger)
.to receive(:warn).with('Could not find group 9999 for LDAP group sync')
described_class.new.perform(9999)
end
end
end
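Review bot: The last example is titled 'logs an error when group cannot be found' but asserts `receive(:warn)`; rename it to `'logs a warning when group cannot be found'` so the description matches the log level under test. The hard-coded id `9999` is assumed not to exist, which deserves a short comment such as `# id assumed absent from the test database`.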