Add authentication information to usage ping

This adds authentication info In the manage stage section of usage ping. Additions include LDAP stats, which omniauth providers are enabled, and whether group SAML is in use.

Add authentication information to usage ping
This adds authentication info In the manage stage section of usage ping. Additions include LDAP stats, which omniauth providers are enabled, and whether group SAML is in use.
ab661170 · Drew Blessing · Drew Blessing · 0a066d83 · ab661170 · ab661170
Commit ab661170 authored May 21, 2020 by Drew Blessing Committed by Drew Blessing Jun 03, 2020
3 changed files
--- a/ee/changelogs/unreleased/dblessing-auth-info-usage-ping.yml
+++ b/ee/changelogs/unreleased/dblessing-auth-info-usage-ping.yml
+---
+title: Add authentication information to usage ping
+merge_request: 32790
+author:
+type: changed
--- a/ee/lib/ee/gitlab/usage_data.rb
+++ b/ee/lib/ee/gitlab/usage_data.rb
@@ -277,7 +277,12 @@ module EE
            ldap_users: distinct_count(::GroupMember.of_ldap_type.where(time_period), :user_id),
            users_created: count(::User.where(time_period)),
            value_stream_management_customized_group_stages: count(::Analytics::CycleAnalytics::GroupStage.where(custom: true)),
-            projects_with_compliance_framework: count(::ComplianceManagement::ComplianceFramework::ProjectSettings)
+            projects_with_compliance_framework: count(::ComplianceManagement::ComplianceFramework::ProjectSettings),
+            ldap_servers: ldap_available_servers.size,
+            ldap_group_sync_enabled: ldap_config_present_for_any_provider?(:group_base),
+            ldap_admin_sync_enabled: ldap_config_present_for_any_provider?(:admin_group),
+            omniauth_providers: filtered_omniauth_provider_names.reject { |name| name == 'group_saml' },
+            group_saml_enabled: omniauth_provider_names.include?('group_saml')
          }
        end
@@ -386,6 +391,26 @@ module EE
          distinct_count(clusters.where(time_period), :user_id)
        end
        # rubocop:enable CodeReuse/ActiveRecord
+        def ldap_available_servers
+          ::Gitlab::Auth::Ldap::Config.available_servers
+        end
+        def ldap_config_present_for_any_provider?(configuration_item)
+          ldap_available_servers.any? { |server_config| server_config[configuration_item.to_s] }
+        end
+        def omniauth_provider_names
+          ::Gitlab.config.omniauth.providers.map(&:name)
+        end
+        # LDAP provider names are set by customers and could include
+        # sensitive info (server names, etc). LDAP providers normally
+        # don't appear in omniauth providers but filter to ensure
+        # no internal details leak via usage ping.
+        def filtered_omniauth_provider_names
+          omniauth_provider_names.reject { |name| name.starts_with?('ldap') }
+        end
      end
    end
  end

--- a/ee/spec/lib/ee/gitlab/usage_data_spec.rb
+++ b/ee/spec/lib/ee/gitlab/usage_data_spec.rb
@@ -416,6 +416,13 @@ describe Gitlab::UsageData do
          context 'for manage' do
            it 'includes accurate usage_activity_by_stage data' do
+              stub_config(
+                ldap:
+                  { enabled: true, servers: ldap_server_config },
+                omniauth:
+                  { providers: omniauth_providers }
+              )
              for_defined_days_back do
                user = create(:user)
                create(:event, author: user)
@@ -433,7 +440,12 @@ describe Gitlab::UsageData do
                ldap_users: 2,
                users_created: 8,
                value_stream_management_customized_group_stages: 2,
-                projects_with_compliance_framework: 2
+                projects_with_compliance_framework: 2,
+                ldap_servers: 2,
+                ldap_group_sync_enabled: true,
+                ldap_admin_sync_enabled: true,
+                omniauth_providers: ['google_oauth2'],
+                group_saml_enabled: true
              )
              expect(described_class.uncached_data[:usage_activity_by_stage_monthly][:manage]).to eq(
                events: 1,
@@ -442,9 +454,39 @@ describe Gitlab::UsageData do
                ldap_users: 1,
                users_created: 5,
                value_stream_management_customized_group_stages: 2,
-                projects_with_compliance_framework: 2
+                projects_with_compliance_framework: 2,
+                ldap_servers: 2,
+                ldap_group_sync_enabled: true,
+                ldap_admin_sync_enabled: true,
+                omniauth_providers: ['google_oauth2'],
+                group_saml_enabled: true
              )
            end
+            def omniauth_providers
+              [
+                OpenStruct.new(name: 'google_oauth2'),
+                OpenStruct.new(name: 'ldapmain'),
+                OpenStruct.new(name: 'group_saml')
+              ]
+            end
+            def ldap_server_config
+              {
+                'main' =>
+                  {
+                    'provider_name' => 'ldapmain',
+                    'group_base'    => 'ou=groups',
+                    'admin_group'   => 'my_group'
+                  },
+                'secondary' =>
+                  {
+                    'provider_name' => 'ldapsecondary',
+                    'group_base'    => nil,
+                    'admin_group'   => nil
+                  }
+              }
+            end
          end
          context 'for monitor' do