Commit afa2cb2b authored by Douwe Maan's avatar Douwe Maan

Merge branch 'mk-add-group-ldap-sync-to-api' into 'master'

Add LDAP sync endpoint to Groups API

Closes #2304

See merge request !2785
parents 48f41ee0 ff550f47
class Groups::LdapsController < Groups::ApplicationController
before_action :group
before_action :authorize_admin_group!
before_action :check_enabled_extras!
def sync
@group.pending_ldap_sync
LdapGroupSyncWorker.perform_async(@group.id)
if @group.pending_ldap_sync
LdapGroupSyncWorker.perform_async(@group.id)
message = 'The group sync has been scheduled'
else
message = 'The group sync is already scheduled'
end
redirect_to group_group_members_path(@group), notice: 'The group sync has been scheduled'
redirect_to group_group_members_path(@group), notice: message
end
private
def check_enabled_extras!
render_404 unless Gitlab::LDAP::Config.enabled_extras?
end
end
---
title: Add LDAP sync endpoint to Groups API
merge_request: 2785
author:
type: added
......@@ -395,7 +395,7 @@ Example response:
## Remove group
Removes group with all projects inside.
Removes group with all projects inside. Only available to group owners and administrators.
```
DELETE /groups/:id
......@@ -424,6 +424,18 @@ GET /groups?search=foobar
]
```
## Sync group with LDAP
Syncs the group with its linked LDAP group. Only available to group owners and administrators.
```
POST /groups/:id/ldap_sync
```
Parameters:
- `id` (required) - The ID or path of a user group
## Group members
Please consult the [Group Members](members.md) documentation.
......
......@@ -153,6 +153,7 @@ module API
destroy_conditionally!(group) do |group|
::Groups::DestroyService.new(group, current_user).execute
end
status 204
end
desc 'Get a list of projects in this group.' do
......@@ -200,6 +201,19 @@ module API
render_api_error!("Failed to transfer project #{project.errors.messages}", 400)
end
end
desc 'Sync a group with LDAP.'
post ":id/ldap_sync" do
not_found! unless Gitlab::LDAP::Config.enabled_extras?
group = find_group!(params[:id])
authorize! :admin_group, group
if group.pending_ldap_sync
LdapGroupSyncWorker.perform_async(group.id)
end
status 202
end
end
end
end
......@@ -670,4 +670,96 @@ describe API::Groups do
end
end
end
describe 'POST /groups/:id/ldap_sync' do
context 'when LDAP config enabled_extras is true' do
before do
allow(Gitlab::LDAP::Config).to receive(:enabled_extras?).and_return(true)
end
context 'when authenticated as the group owner' do
context 'when the group is ready to sync' do
it 'returns 202 Accepted' do
ldap_sync(group1.id, user1, :disable!)
expect(response).to have_http_status(202)
end
it 'queues a sync job' do
expect { ldap_sync(group1.id, user1, :fake!) }.to change(LdapGroupSyncWorker.jobs, :size).by(1)
end
it 'sets the ldap_sync state to pending' do
ldap_sync(group1.id, user1, :disable!)
expect(group1.reload.ldap_sync_pending?).to be_truthy
end
end
context 'when the group is already pending a sync' do
before do
group1.pending_ldap_sync!
end
it 'returns 202 Accepted' do
ldap_sync(group1.id, user1, :disable!)
expect(response).to have_http_status(202)
end
it 'does not queue a sync job' do
expect { ldap_sync(group1.id, user1, :fake!) }.not_to change(LdapGroupSyncWorker.jobs, :size)
end
it 'does not change the ldap_sync state' do
expect do
ldap_sync(group1.id, user1, :disable!)
end.not_to change { group1.reload.ldap_sync_status }
end
end
it 'returns 404 for a non existing group' do
ldap_sync(1328, user1, :disable!)
expect(response).to have_http_status(404)
end
end
context 'when authenticated as the admin' do
it 'returns 202 Accepted' do
ldap_sync(group1.id, admin, :disable!)
expect(response).to have_http_status(202)
end
end
context 'when authenticated as a non-owner user that can see the group' do
it 'returns 403' do
ldap_sync(group1.id, user2, :disable!)
expect(response).to have_http_status(403)
end
end
context 'when authenticated as an user that cannot see the group' do
it 'returns 404' do
ldap_sync(group2.id, user1, :disable!)
expect(response).to have_http_status(404)
end
end
end
context 'when LDAP config enabled_extras is false' do
before do
allow(Gitlab::LDAP::Config).to receive(:enabled_extras?).and_return(false)
end
it 'returns 404 (same as CE would)' do
ldap_sync(group1.id, admin, :disable!)
expect(response).to have_http_status(404)
end
end
end
def ldap_sync(group_id, user, sidekiq_testing_method)
Sidekiq::Testing.send(sidekiq_testing_method) do
post api("/groups/#{group_id}/ldap_sync", user)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment