Commit 4cc86e3c authored by Gabriel Mazetto's avatar Gabriel Mazetto

Merge branch 'dblessing-remove-scim-identities-feature-flag' into 'master'

Remove `scim_identities` feature flag

See merge request gitlab-org/gitlab!43458
parents 966edcc7 ab9cb62c
......@@ -21,22 +21,12 @@ class ScimFinder
private
def scim_identities_enabled?
strong_memoize(:scim_identities_enabled) do
::EE::Gitlab::Scim::Feature.scim_identities_enabled?(group)
end
end
def null_identity
return ScimIdentity.none if scim_identities_enabled?
Identity.none
ScimIdentity.none
end
def all_identities
return group.scim_identities if scim_identities_enabled?
saml_provider.identities
group.scim_identities
end
def unfiltered?(params)
......@@ -63,9 +53,7 @@ class ScimFinder
end
def by_extern_uid(extern_uid)
return group.scim_identities.with_extern_uid(extern_uid) if scim_identities_enabled?
Identity.where_group_saml_uid(saml_provider, extern_uid)
group.scim_identities.with_extern_uid(extern_uid)
end
def eq_filter_on_username?(parser)
......@@ -79,9 +67,7 @@ class ScimFinder
user ||= User.find_by_any_email(username) || User.find_by_username(email_local_part(username))
end
return group.scim_identities.for_user(user) if scim_identities_enabled?
saml_provider.identities.for_user(user)
group.scim_identities.for_user(user)
end
def email?(email)
......
---
name: scim_identities
introduced_by_url:
rollout_issue_url:
group:
type: development
default_enabled: true
......@@ -97,23 +97,12 @@ module API
def find_user_identity(group, extern_uid)
return unless group.saml_provider
return group.scim_identities.with_extern_uid(extern_uid).first if scim_identities_enabled?
GroupSamlIdentityFinder.find_by_group_and_uid(group: group, uid: extern_uid)
end
def scim_identities_enabled?
strong_memoize(:scim_identities_enabled) do
::EE::Gitlab::Scim::Feature.scim_identities_enabled?(@group)
end
group.scim_identities.with_extern_uid(extern_uid).first
end
def deprovision(identity)
if scim_identities_enabled?
::EE::Gitlab::Scim::DeprovisionService.new(identity).execute
else
GroupSaml::Identity::DestroyService.new(identity).execute(transactional: true)
end
true
rescue => e
......
# frozen_string_literal: true
module EE
module Gitlab
module Scim
class Feature
def self.scim_identities_enabled?(group)
::Feature.enabled?(:scim_identities, group, default_enabled: true)
end
end
end
end
end
......@@ -50,24 +50,8 @@ module EE
error_response(objects: [user, identity, member])
end
def scim_identities_enabled?
strong_memoize(:scim_identities_enabled) do
::EE::Gitlab::Scim::Feature.scim_identities_enabled?(@group)
end
end
def identity_provider
strong_memoize(:identity_provider) do
next ::Users::BuildService::GROUP_SCIM_PROVIDER if scim_identities_enabled?
::Users::BuildService::GROUP_SAML_PROVIDER
end
end
def identity
strong_memoize(:identity) do
next saml_identity unless scim_identities_enabled?
identity = @group.scim_identities.with_extern_uid(@parsed_hash[:extern_uid]).first
next identity if identity
......@@ -75,14 +59,8 @@ module EE
end
end
def saml_identity
::Identity.with_extern_uid(identity_provider, @parsed_hash[:extern_uid]).first
end
def user
strong_memoize(:user) do
next build_user unless scim_identities_enabled?
user = ::User.find_by_any_email(@parsed_hash[:email])
next user if user
......@@ -127,7 +105,7 @@ module EE
hash[:skip_confirmation] = SKIP_EMAIL_CONFIRMATION
hash[:saml_provider_id] = @group.saml_provider.id
hash[:group_id] = @group.id
hash[:provider] = identity_provider
hash[:provider] = ::Users::BuildService::GROUP_SCIM_PROVIDER
hash[:username] = valid_username
hash[:password] = hash[:password_confirmation] = random_password
hash[:password_automatically_set] = PASSWORD_AUTOMATICALLY_SET
......@@ -161,7 +139,7 @@ module EE
end
def create_identity_only?
scim_identities_enabled? && existing_user? && existing_member?(user)
existing_user? && existing_member?(user)
end
def existing_identity_and_member?
......
......@@ -10,15 +10,7 @@ RSpec.describe ScimFinder do
describe '#search' do
context 'without a SAML provider' do
it 'returns an empty identity relation when scim_identities is disabled' do
stub_feature_flags(scim_identities: false)
expect(finder.search(unused_params)).to eq Identity.none
end
it 'returns an empty scim identity relation when scim_identities is enabled' do
stub_feature_flags(scim_identities: true)
it 'returns an empty scim identity relation' do
expect(finder.search(unused_params)).to eq ScimIdentity.none
end
end
......@@ -28,15 +20,7 @@ RSpec.describe ScimFinder do
create(:saml_provider, group: group, enabled: false)
end
it 'returns an empty identity relation when scim_identities is disabled' do
stub_feature_flags(scim_identities: false)
expect(finder.search(unused_params)).to eq Identity.none
end
it 'returns an empty scim identity relation when scim_identities is enabled' do
stub_feature_flags(scim_identities: true)
it 'returns an empty scim identity relation' do
expect(finder.search(unused_params)).to eq ScimIdentity.none
end
end
......@@ -45,7 +29,9 @@ RSpec.describe ScimFinder do
let_it_be(:saml_provider) { create(:saml_provider, group: group) }
context 'with an eq filter' do
shared_examples 'valid lookups' do
let_it_be(:user) { create(:user, username: 'foo', email: 'bar@example.com') }
let_it_be(:id) { create(:scim_identity, group: group, user: user) }
it 'allows identity lookup by id/externalId' do
expect(finder.search(filter: "id eq #{id.extern_uid}")).to be_a ActiveRecord::Relation
expect(finder.search(filter: "id eq #{id.extern_uid}").first).to eq id
......@@ -76,36 +62,8 @@ RSpec.describe ScimFinder do
end
end
context 'when scim_identities is disabled' do
before do
stub_feature_flags(scim_identities: false)
end
let_it_be(:id) { create(:group_saml_identity, saml_provider: saml_provider) }
it_behaves_like 'valid lookups'
end
context 'when scim_identities is enabled' do
before do
stub_feature_flags(scim_identities: true)
end
let_it_be(:user) { create(:user, username: 'foo', email: 'bar@example.com') }
let_it_be(:id) { create(:scim_identity, group: group, user: user) }
it_behaves_like 'valid lookups'
end
end
context 'with no filter' do
it 'returns all related identities when scim_identities is disabled' do
stub_feature_flags(scim_identities: false)
create_list(:group_saml_identity, 2, saml_provider: saml_provider)
expect(finder.search({}).count).to eq 2
end
it 'returns all related identities when scim_identities is enabled' do
stub_feature_flags(scim_identities: true)
it 'returns all related scim_identities' do
create_list(:scim_identity, 4, group: group)
expect(finder.search({}).count).to eq 4
......
......@@ -27,7 +27,22 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
end
end
shared_examples 'scim provisioning' do
shared_examples 'existing user' do
it 'does not create a new user' do
expect { service.execute }.not_to change { User.count }
end
it_behaves_like 'success response'
it 'creates the SCIM identity' do
expect { service.execute }.to change { ScimIdentity.count }.by(1)
end
it 'does not create the SAML identity' do
expect { service.execute }.not_to change { Identity.count }
end
end
context 'valid params' do
let_it_be(:service_params) do
{
......@@ -107,69 +122,6 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
expect(service.execute.message).to eq("Missing params: [:username]")
end
end
end
shared_examples 'existing user when scim identities are enabled' do
it 'does not create a new user' do
expect { service.execute }.not_to change { User.count }
end
it_behaves_like 'success response'
it 'creates the SCIM identity' do
expect { service.execute }.to change { ScimIdentity.count }.by(1)
end
it 'does not create the SAML identity' do
expect { service.execute }.not_to change { Identity.count }
end
end
context 'when scim_identities is disabled' do
before do
stub_feature_flags(scim_identities: false)
end
it_behaves_like 'scim provisioning'
let_it_be(:service_params) do
{
email: 'work@example.com',
name: 'Test Name',
extern_uid: 'test_uid',
username: 'username'
}
end
it 'creates the SAML identity' do
expect { service.execute }.to change { Identity.count }.by(1)
end
it 'does not create the SCIM identity' do
expect { service.execute }.not_to change { ScimIdentity.count }
end
context 'existing user' do
before do
create(:user, email: 'work@example.com')
end
it 'does not create a new user' do
expect { service.execute }.not_to change { User.count }
end
it 'fails with conflict' do
expect(service.execute.status).to eq(:conflict)
end
end
end
context 'when scim_identities is enabled' do
before do
stub_feature_flags(scim_identities: true)
end
it_behaves_like 'scim provisioning'
let_it_be(:service_params) do
{
......@@ -188,14 +140,14 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
expect { service.execute }.to change { Identity.count }.by(1)
end
context 'existing user' do
context 'for an existing user' do
before do
create(:email, user: user, email: 'work@example.com')
end
let(:user) { create(:user) }
context 'when user is not an existing group member' do
it_behaves_like 'existing user when scim identities are enabled'
context 'when user is not a group member' do
it_behaves_like 'existing user'
it 'creates the group member' do
expect { service.execute }.to change { GroupMember.count }.by(1)
......@@ -223,7 +175,7 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
group.add_guest(user)
end
it_behaves_like 'existing user when scim identities are enabled'
it_behaves_like 'existing user'
it 'does not create the group member' do
expect { service.execute }.not_to change { GroupMember.count }
......@@ -231,5 +183,4 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
end
end
end
end
end
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment