Commit 650e486c authored by Rubén Dávila's avatar Rubén Dávila

Add license check before enabling extra features for LDAP

The following LDAP features will be disabled without a license key:

* Syncing of users
* Syncing of all kind of groups
* Linked LDAP groups configuration
* Support for multiple LDAP servers
parent 5a97763e
...@@ -24,12 +24,7 @@ class SessionsController < Devise::SessionsController ...@@ -24,12 +24,7 @@ class SessionsController < Devise::SessionsController
def new def new
set_minimum_password_length set_minimum_password_length
@ldap_servers = @ldap_servers = Gitlab::LDAP::Config.available_servers
if Gitlab.config.ldap.enabled
Gitlab::LDAP::Config.servers
else
[]
end
super super
end end
......
...@@ -25,7 +25,7 @@ module SelectsHelper ...@@ -25,7 +25,7 @@ module SelectsHelper
def ldap_server_select_options def ldap_server_select_options
options_from_collection_for_select( options_from_collection_for_select(
Gitlab::LDAP::Config.servers, Gitlab::LDAP::Config.available_servers,
'provider_name', 'provider_name',
'label' 'label'
) )
......
...@@ -19,6 +19,7 @@ class License < ActiveRecord::Base ...@@ -19,6 +19,7 @@ class License < ActiveRecord::Base
ISSUE_BOARD_MILESTONE_FEATURE = 'GitLab_IssueBoardMilestone'.freeze ISSUE_BOARD_MILESTONE_FEATURE = 'GitLab_IssueBoardMilestone'.freeze
ISSUE_WEIGHTS_FEATURE = 'GitLab_IssueWeights'.freeze ISSUE_WEIGHTS_FEATURE = 'GitLab_IssueWeights'.freeze
JENKINS_INTEGRATION_FEATURE = 'GitLab_JenkinsIntegration'.freeze JENKINS_INTEGRATION_FEATURE = 'GitLab_JenkinsIntegration'.freeze
LDAP_EXTRAS_FEATURE = 'GitLab_LdapExtras'.freeze
MERGE_REQUEST_APPROVERS_FEATURE = 'GitLab_MergeRequestApprovers'.freeze MERGE_REQUEST_APPROVERS_FEATURE = 'GitLab_MergeRequestApprovers'.freeze
MERGE_REQUEST_REBASE_FEATURE = 'GitLab_MergeRequestRebase'.freeze MERGE_REQUEST_REBASE_FEATURE = 'GitLab_MergeRequestRebase'.freeze
MERGE_REQUEST_SQUASH_FEATURE = 'GitLab_MergeRequestSquash'.freeze MERGE_REQUEST_SQUASH_FEATURE = 'GitLab_MergeRequestSquash'.freeze
...@@ -39,6 +40,7 @@ class License < ActiveRecord::Base ...@@ -39,6 +40,7 @@ class License < ActiveRecord::Base
db_load_balancing: DB_LOAD_BALANCING_FEATURE, db_load_balancing: DB_LOAD_BALANCING_FEATURE,
elastic_search: ELASTIC_SEARCH_FEATURE, elastic_search: ELASTIC_SEARCH_FEATURE,
geo: GEO_FEATURE, geo: GEO_FEATURE,
ldap_extras: LDAP_EXTRAS_FEATURE,
object_storage: OBJECT_STORAGE_FEATURE, object_storage: OBJECT_STORAGE_FEATURE,
related_issues: RELATED_ISSUES_FEATURE, related_issues: RELATED_ISSUES_FEATURE,
repository_size_limit: REPOSITORY_SIZE_LIMIT_FEATURE, repository_size_limit: REPOSITORY_SIZE_LIMIT_FEATURE,
...@@ -87,6 +89,7 @@ class License < ActiveRecord::Base ...@@ -87,6 +89,7 @@ class License < ActiveRecord::Base
{ ISSUE_BOARD_MILESTONE_FEATURE => 1 }, { ISSUE_BOARD_MILESTONE_FEATURE => 1 },
{ ISSUE_WEIGHTS_FEATURE => 1 }, { ISSUE_WEIGHTS_FEATURE => 1 },
{ JENKINS_INTEGRATION_FEATURE => 1 }, { JENKINS_INTEGRATION_FEATURE => 1 },
{ LDAP_EXTRAS_FEATURE => 1 },
{ MERGE_REQUEST_APPROVERS_FEATURE => 1 }, { MERGE_REQUEST_APPROVERS_FEATURE => 1 },
{ MERGE_REQUEST_REBASE_FEATURE => 1 }, { MERGE_REQUEST_REBASE_FEATURE => 1 },
{ MERGE_REQUEST_SQUASH_FEATURE => 1 }, { MERGE_REQUEST_SQUASH_FEATURE => 1 },
......
- if ldap_enabled? - if Gitlab::LDAP::Config.enabled_extras?
= nav_link(path: 'ldap_group_links#index') do = nav_link(path: 'ldap_group_links#index') do
= link_to group_ldap_group_links_path(@group), title: 'LDAP Group' do = link_to group_ldap_group_links_path(@group), title: 'LDAP Group' do
%span %span
......
...@@ -3,6 +3,8 @@ class LdapAllGroupsSyncWorker ...@@ -3,6 +3,8 @@ class LdapAllGroupsSyncWorker
include CronjobQueue include CronjobQueue
def perform def perform
return unless Gitlab::LDAP::Config.enabled_extras?
logger.info 'Started LDAP group sync' logger.info 'Started LDAP group sync'
EE::Gitlab::LDAP::Sync::Groups.execute EE::Gitlab::LDAP::Sync::Groups.execute
logger.info 'Finished LDAP group sync' logger.info 'Finished LDAP group sync'
......
...@@ -3,6 +3,8 @@ class LdapGroupSyncWorker ...@@ -3,6 +3,8 @@ class LdapGroupSyncWorker
include DedicatedSidekiqQueue include DedicatedSidekiqQueue
def perform(group_ids, provider = nil) def perform(group_ids, provider = nil)
return unless Gitlab::LDAP::Config.enabled_extras?
groups = Group.where(id: Array(group_ids)) groups = Group.where(id: Array(group_ids))
if provider if provider
......
...@@ -3,7 +3,8 @@ class LdapSyncWorker ...@@ -3,7 +3,8 @@ class LdapSyncWorker
include CronjobQueue include CronjobQueue
def perform def perform
return unless Gitlab.config.ldap.enabled return unless Gitlab::LDAP::Config.enabled_extras?
Rails.logger.info "Performing daily LDAP sync task." Rails.logger.info "Performing daily LDAP sync task."
User.ldap.find_each(batch_size: 100).each do |ldap_user| User.ldap.find_each(batch_size: 100).each do |ldap_user|
Rails.logger.debug "Syncing user #{ldap_user.username}, #{ldap_user.email}" Rails.logger.debug "Syncing user #{ldap_user.username}, #{ldap_user.email}"
......
if Gitlab::LDAP::Config.enabled? if Gitlab::LDAP::Config.enabled?
module OmniAuth::Strategies module OmniAuth::Strategies
Gitlab::LDAP::Config.servers.each do |server| Gitlab::LDAP::Config.available_servers.each do |server|
# do not redeclare LDAP # do not redeclare LDAP
next if server['provider_name'] == 'ldap' next if server['provider_name'] == 'ldap'
const_set(server['provider_class'], Class.new(LDAP)) const_set(server['provider_class'], Class.new(LDAP))
...@@ -8,7 +8,7 @@ if Gitlab::LDAP::Config.enabled? ...@@ -8,7 +8,7 @@ if Gitlab::LDAP::Config.enabled?
end end
OmniauthCallbacksController.class_eval do OmniauthCallbacksController.class_eval do
Gitlab::LDAP::Config.servers.each do |server| Gitlab::LDAP::Config.available_servers.each do |server|
alias_method server['provider_name'], :ldap alias_method server['provider_name'], :ldap
end end
end end
......
...@@ -21,7 +21,7 @@ module API ...@@ -21,7 +21,7 @@ module API
use :search_params use :search_params
end end
get 'groups' do get 'groups' do
provider = Gitlab::LDAP::Config.servers.first['provider_name'] provider = Gitlab::LDAP::Config.available_servers.first['provider_name']
groups = get_group_list(provider, params[:search]) groups = get_group_list(provider, params[:search])
present groups, with: Entities::LdapGroup present groups, with: Entities::LdapGroup
end end
......
module EE
module Gitlab
module LDAP
module Config
extend ActiveSupport::Concern
class_methods do
def enabled_extras?
enabled? && ::License.feature_available?(:ldap_extras)
end
end
end
end
end
end
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
module Gitlab module Gitlab
module LDAP module LDAP
class Config class Config
include ::EE::Gitlab::LDAP::Config
attr_accessor :provider, :options attr_accessor :provider, :options
InvalidProvider = Class.new(StandardError) InvalidProvider = Class.new(StandardError)
...@@ -16,6 +18,12 @@ module Gitlab ...@@ -16,6 +18,12 @@ module Gitlab
[] []
end end
def self.available_servers
return [] unless enabled?
enabled_extras? ? servers : Array.wrap(servers.first)
end
def self.providers def self.providers
servers.map { |server| server['provider_name'] } servers.map { |server| server['provider_name'] }
end end
......
...@@ -13,6 +13,7 @@ describe API::Ldap do ...@@ -13,6 +13,7 @@ describe API::Ldap do
OpenStruct.new(cn: 'students') OpenStruct.new(cn: 'students')
] ]
allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::LDAP::Adapter).to receive(:new).and_return(adapter) allow(Gitlab::LDAP::Adapter).to receive(:new).and_return(adapter)
allow(adapter).to receive_messages(groups: groups) allow(adapter).to receive_messages(groups: groups)
end end
......
...@@ -5,13 +5,28 @@ describe LdapAllGroupsSyncWorker do ...@@ -5,13 +5,28 @@ describe LdapAllGroupsSyncWorker do
before do before do
allow(Sidekiq.logger).to receive(:info) allow(Sidekiq.logger).to receive(:info)
allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
end end
describe '#perform' do describe '#perform' do
context 'with the default license key' do
it 'syncs all groups when group_id is nil' do it 'syncs all groups when group_id is nil' do
expect(EE::Gitlab::LDAP::Sync::Groups).to receive(:execute) expect(EE::Gitlab::LDAP::Sync::Groups).to receive(:execute)
subject.perform subject.perform
end end
end end
context 'without a license key' do
before do
License.destroy_all
end
it 'does not sync all groups' do
expect(EE::Gitlab::LDAP::Sync::Groups).not_to receive(:execute)
subject.perform
end
end
end
end end
...@@ -14,9 +14,11 @@ describe LdapGroupSyncWorker do ...@@ -14,9 +14,11 @@ describe LdapGroupSyncWorker do
before do before do
allow(Sidekiq.logger).to receive(:info) allow(Sidekiq.logger).to receive(:info)
allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
end end
describe '#perform' do describe '#perform' do
context 'with the default license key' do
it 'syncs a single group when group_id is present' do it 'syncs a single group when group_id is present' do
expect(subject).to receive(:sync_groups).with([group]) expect(subject).to receive(:sync_groups).with([group])
...@@ -31,6 +33,19 @@ describe LdapGroupSyncWorker do ...@@ -31,6 +33,19 @@ describe LdapGroupSyncWorker do
end end
end end
context 'without a license key' do
before do
License.destroy_all
end
it 'does not sync groups' do
expect(subject).not_to receive(:sync_groups)
subject.perform(group.id)
end
end
end
describe '#sync_groups' do describe '#sync_groups' do
it 'syncs a group when it was found without a proxy' do it 'syncs a group when it was found without a proxy' do
expect(subject).to receive(:sync_group).with(group, proxy: nil) expect(subject).to receive(:sync_group).with(group, proxy: nil)
......
require 'spec_helper'
describe LdapSyncWorker do
let(:subject) { described_class.new }
before do
allow(Sidekiq.logger).to receive(:info)
allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
create(:omniauth_user, provider: 'ldapmain')
end
describe '#perform' do
context 'with the default license key' do
it 'syncs all LDAP users' do
expect(Gitlab::LDAP::Access).to receive(:allowed?)
subject.perform
end
end
context 'without a license key' do
before do
License.destroy_all
end
it 'does not sync LDAP users' do
expect(Gitlab::LDAP::Access).not_to receive(:allowed?)
subject.perform
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment