Add Sync now to group members page

8245c667 · Drew Blessing · 88e44726 · 8245c667 · 8245c667 · 8245c667
Commit 8245c667 authored Sep 01, 2016 by Drew Blessing
10 changed files
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
 Please view this file on the master branch, on stable branches it's out of date.
 v 8.12.0 (Unreleased)
+  - Add 'Sync now' to group members page !704

 v 8.11.5
  - API: Restore backward-compatibility for POST /projects/:id/members when membership is locked

--- a/app/controllers/groups/ldaps_controller.rb
+++ b/app/controllers/groups/ldaps_controller.rb
@@ -2,9 +2,10 @@ class Groups::LdapsController < Groups::ApplicationController
  before_action :group
  before_action :authorize_admin_group!

-  def reset_access
-    LdapGroupResetService.new.execute(group, current_user)
+  def sync
+    @group.pending_ldap_sync
+    LdapGroupSyncWorker.perform_async(@group.id)

-    redirect_to group_group_members_path(@group), notice: 'Access reset complete'
+    redirect_to group_group_members_path(@group), notice: 'The group sync has been scheduled'
  end
 end
--- a/app/models/ee/group.rb
+++ b/app/models/ee/group.rb
@@ -10,10 +10,15 @@ module EE
      state_machine :ldap_sync_status, namespace: :ldap_sync, initial: :ready do
        state :ready
        state :started
+        state :pending
        state :failed

+        event :pending do
+          transition [:ready, :failed] => :pending
+        end
+
        event :start do
-          transition [:ready, :failed] => :started
+          transition [:ready, :pending, :failed] => :started
        end

        event :finish do

--- a/app/views/groups/group_members/_ldap_sync.html.haml
+++ b/app/views/groups/group_members/_ldap_sync.html.haml
+- if current_user && @group.ldap_synced?
+  .bs-callout.bs-callout-info
+    The members of this group are managed using LDAP and cannot be added, changed or removed here.
+    Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
+    %ul
+      - @group.ldap_group_links.each do |ldap_group_link|
+        %li
+          People in cn
+          %code= ldap_group_link.cn
+          are given
+          %code= ldap_group_link.human_access
+          access.
+    - if can?(current_user, :admin_group, @group)
+      = render 'sync_button'
--- a/app/views/groups/group_members/_sync_button.html.haml
+++ b/app/views/groups/group_members/_sync_button.html.haml
+- if @group.ldap_sync_started?
+  %span.btn.disabled
+    = icon("refresh spin")
+    Syncing&hellip;
+- elsif @group.ldap_sync_pending?
+  %span.btn.disabled
+    = icon("refresh spin")
+    Pending sync&hellip;
+- else
+  = link_to sync_group_ldap_path(@group), method: :put, class: 'btn' do
+    = icon("refresh")
+    Sync now
+- if @group.ldap_sync_ready? && @group.ldap_sync_last_successful_update_at
+  %p.inline.prepend-left-10
+    Successfully synced #{time_ago_with_tooltip(@group.ldap_sync_last_successful_update_at)}.
--- a/app/views/groups/group_members/index.html.haml
+++ b/app/views/groups/group_members/index.html.haml
@@ -13,23 +13,7 @@

    = render 'shared/members/requests', membership_source: @group, requesters: @requesters

-  - if current_user && @group.ldap_synced?
-    .bs-callout.bs-callout-info
-      The members of this group are managed using LDAP and cannot be added, changed or removed here.
-      Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
-      %ul
-        - @group.ldap_group_links.each do |ldap_group_link|
-          %li
-            People in cn
-            %code= ldap_group_link.cn
-            are given
-            %code= ldap_group_link.human_access
-            access.
-      - if can?(current_user, :admin_group_member, @group)
-        = form_tag(reset_access_group_ldap_path(@group), method: :put, class: 'inline') do
-          = button_to 'Clear LDAP permission cache', '#', class: "btn btn-remove js-confirm-danger",
-            data: { "confirm-danger-message" => clear_ldap_permission_cache_message,
-                    'warning-message' => 'If you made manual permission tweaks for some group members they will be lost.' }
+  = render 'ldap_sync'

  .panel.panel-default
    .panel-heading
@@ -51,5 +35,3 @@
    event.preventDefault();
    Turbolinks.visit(this.action + '?' + $(this).serialize());
  });
-
-= render 'shared/confirm_modal', phrase: 'reset'
--- a/app/workers/ldap_group_sync_worker.rb
+++ b/app/workers/ldap_group_sync_worker.rb
@@ -3,9 +3,21 @@ class LdapGroupSyncWorker

  sidekiq_options retry: false

-  def perform
-    logger.info 'Started LDAP group sync'
-    EE::Gitlab::LDAP::Sync::Groups.execute
-    logger.info 'Finished LDAP group sync'
+  def perform(group_id = nil)
+    if group_id
+      group = Group.find_by(id: group_id)
+      unless group
+        logger.warn "Could not find group #{group_id} for LDAP group sync"
+        return
+      end
+
+      logger.info "Started LDAP group sync for group #{group.name} (#{group.id})"
+      EE::Gitlab::LDAP::Sync::Group.execute_all_providers(group)
+      logger.info "Finished LDAP group sync for group #{group.name} (#{group.id})"
+    else
+      logger.info 'Started LDAP group sync'
+      EE::Gitlab::LDAP::Sync::Groups.execute
+      logger.info 'Finished LDAP group sync'
+    end
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -463,7 +463,7 @@ Rails.application.routes.draw do
      resource :analytics, only: [:show]
      resource :ldap, only: [] do
        member do
-          put :reset_access
+          put :sync
        end
      end


--- a/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
+++ b/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
@@ -92,6 +92,24 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
    include_examples :group_state_machine
  end

+  describe '.ldap_sync_ready?' do
+    let(:ldap_group1) { nil }
+
+    it 'returns false when ldap sync started' do
+      group = create(:group)
+      group.start_ldap_sync
+
+      expect(described_class.ldap_sync_ready?(group)).to be_falsey
+    end
+
+    it 'returns true when ldap sync pending' do
+      group = create(:group)
+      group.pending_ldap_sync
+
+      expect(described_class.ldap_sync_ready?(group)).to be_truthy
+    end
+  end
+
  describe '#update_permissions' do
    before { group.start_ldap_sync }
    after { group.finish_ldap_sync }

--- a/spec/workers/ldap_group_sync_worker_spec.rb
+++ b/spec/workers/ldap_group_sync_worker_spec.rb
+require 'spec_helper'
+
+describe LdapGroupSyncWorker do
+  describe '#perform' do
+    it 'syncs all groups when group_id is nil' do
+      expect(EE::Gitlab::LDAP::Sync::Groups).to receive(:execute)
+
+      described_class.new.perform
+    end
+
+    it 'syncs a single group when group_id is present' do
+      group = create(:group)
+
+      expect(EE::Gitlab::LDAP::Sync::Group)
+        .to receive(:execute_all_providers).with(group)
+
+      described_class.new.perform(group.id)
+    end
+
+    it 'logs an error when group cannot be found' do
+      expect(EE::Gitlab::LDAP::Sync::Group).not_to receive(:execute_all_providers)
+      expect(Sidekiq.logger)
+        .to receive(:warn).with('Could not find group 9999 for LDAP group sync')
+
+      described_class.new.perform(9999)
+    end
+  end
+end