Merge branch 'dblessing-auth-info-usage-ping' into 'master'

Add authentication information to usage ping See merge request gitlab-org/gitlab!32790

Merge branch 'dblessing-auth-info-usage-ping' into 'master'
Add authentication information to usage ping See merge request gitlab-org/gitlab!32790
f5d90c4d · Jan Provaznik · f820fc9f · ab661170 · f5d90c4d · f5d90c4d
Commit f5d90c4d authored Jun 04, 2020 by Jan Provaznik
3 changed files
--- a/ee/changelogs/unreleased/dblessing-auth-info-usage-ping.yml
+++ b/ee/changelogs/unreleased/dblessing-auth-info-usage-ping.yml
+---
+title: Add authentication information to usage ping
+merge_request: 32790
+author:
+type: changed
--- a/ee/lib/ee/gitlab/usage_data.rb
+++ b/ee/lib/ee/gitlab/usage_data.rb
@@ -277,7 +277,12 @@ module EE
            ldap_users: distinct_count(::GroupMember.of_ldap_type.where(time_period), :user_id),
            users_created: count(::User.where(time_period)),
            value_stream_management_customized_group_stages: count(::Analytics::CycleAnalytics::GroupStage.where(custom: true)),
-            projects_with_compliance_framework: count(::ComplianceManagement::ComplianceFramework::ProjectSettings)
+            projects_with_compliance_framework: count(::ComplianceManagement::ComplianceFramework::ProjectSettings),
+            ldap_servers: ldap_available_servers.size,
+            ldap_group_sync_enabled: ldap_config_present_for_any_provider?(:group_base),
+            ldap_admin_sync_enabled: ldap_config_present_for_any_provider?(:admin_group),
+            omniauth_providers: filtered_omniauth_provider_names.reject { |name| name == 'group_saml' },
+            group_saml_enabled: omniauth_provider_names.include?('group_saml')
          }
        end
@@ -386,6 +391,26 @@ module EE
          distinct_count(clusters.where(time_period), :user_id)
        end
        # rubocop:enable CodeReuse/ActiveRecord
+        def ldap_available_servers
+          ::Gitlab::Auth::Ldap::Config.available_servers
+        end
+        def ldap_config_present_for_any_provider?(configuration_item)
+          ldap_available_servers.any? { |server_config| server_config[configuration_item.to_s] }
+        end
+        def omniauth_provider_names
+          ::Gitlab.config.omniauth.providers.map(&:name)
+        end
+        # LDAP provider names are set by customers and could include
+        # sensitive info (server names, etc). LDAP providers normally
+        # don't appear in omniauth providers but filter to ensure
+        # no internal details leak via usage ping.
+        def filtered_omniauth_provider_names
+          omniauth_provider_names.reject { |name| name.starts_with?('ldap') }
+        end
      end
    end
  end

--- a/ee/spec/lib/ee/gitlab/usage_data_spec.rb
+++ b/ee/spec/lib/ee/gitlab/usage_data_spec.rb
@@ -418,6 +418,13 @@ RSpec.describe Gitlab::UsageData do
          context 'for manage' do
            it 'includes accurate usage_activity_by_stage data' do
+              stub_config(
+                ldap:
+                  { enabled: true, servers: ldap_server_config },
+                omniauth:
+                  { providers: omniauth_providers }
+              )
              for_defined_days_back do
                user = create(:user)
                create(:event, author: user)
@@ -435,7 +442,12 @@ RSpec.describe Gitlab::UsageData do
                ldap_users: 2,
                users_created: 8,
                value_stream_management_customized_group_stages: 2,
-                projects_with_compliance_framework: 2
+                projects_with_compliance_framework: 2,
+                ldap_servers: 2,
+                ldap_group_sync_enabled: true,
+                ldap_admin_sync_enabled: true,
+                omniauth_providers: ['google_oauth2'],
+                group_saml_enabled: true
              )
              expect(described_class.uncached_data[:usage_activity_by_stage_monthly][:manage]).to eq(
                events: 1,
@@ -444,9 +456,39 @@ RSpec.describe Gitlab::UsageData do
                ldap_users: 1,
                users_created: 5,
                value_stream_management_customized_group_stages: 2,
-                projects_with_compliance_framework: 2
+                projects_with_compliance_framework: 2,
+                ldap_servers: 2,
+                ldap_group_sync_enabled: true,
+                ldap_admin_sync_enabled: true,
+                omniauth_providers: ['google_oauth2'],
+                group_saml_enabled: true
              )
            end
+            def omniauth_providers
+              [
+                OpenStruct.new(name: 'google_oauth2'),
+                OpenStruct.new(name: 'ldapmain'),
+                OpenStruct.new(name: 'group_saml')
+              ]
+            end
+            def ldap_server_config
+              {
+                'main' =>
+                  {
+                    'provider_name' => 'ldapmain',
+                    'group_base'    => 'ou=groups',
+                    'admin_group'   => 'my_group'
+                  },
+                'secondary' =>
+                  {
+                    'provider_name' => 'ldapsecondary',
+                    'group_base'    => nil,
+                    'admin_group'   => nil
+                  }
+              }
+            end
          end
          context 'for monitor' do