Ensure Rake DB create doesn't fail when LDAP is enabled

In EE, when LDAP is enabled GitLab will try to determine whether multiple LDAP servers are supported on initialization. When Rake is trying to create a database for the first time, this attempt to look at a licensed feature caused a failure. Now this license lookup will fail silently.

Ensure Rake DB create doesn't fail when LDAP is enabled
In EE, when LDAP is enabled GitLab will try to determine whether multiple LDAP servers are supported on initialization. When Rake is trying to create a database for the first time, this attempt to look at a licensed feature caused a failure. Now this license lookup will fail silently.
afd40b38 · Drew Blessing · Drew Blessing · a01d8a60 · afd40b38 · afd40b38
Commit afd40b38 authored Jan 06, 2021 by Drew Blessing Committed by Drew Blessing Jan 11, 2021
6 changed files
--- a/changelogs/unreleased/dblessing_ldap_rake_db_create_fix.yml
+++ b/changelogs/unreleased/dblessing_ldap_rake_db_create_fix.yml
+---
+title: Ensure Rake DB create doesn't fail when LDAP is enabled
+merge_request: 51132
+author:
+type: fixed
--- a/config/initializers/8_devise.rb
+++ b/config/initializers/8_devise.rb
@@ -232,7 +232,7 @@ Devise.setup do |config|
  end

  if Gitlab::Auth::Ldap::Config.enabled?
-    Gitlab::Auth::Ldap::Config.providers.each do |provider|
+    Gitlab::Auth::Ldap::Config.available_providers.each do |provider|
      ldap_config = Gitlab::Auth::Ldap::Config.new(provider)
      config.omniauth(provider, ldap_config.omniauth_options)
    end

--- a/ee/lib/ee/gitlab/auth/ldap/config.rb
+++ b/ee/lib/ee/gitlab/auth/ldap/config.rb
@@ -17,6 +17,9 @@ module EE
            override :_available_servers
            def _available_servers
              ::License.feature_available?(:multiple_ldap_servers) ? servers : super
+            rescue ActiveRecord::NoDatabaseError
+              # Rake is probably trying to initialize the DB
+              []
            end
          end
        end

--- a/ee/spec/lib/ee/gitlab/auth/ldap/config_spec.rb
+++ b/ee/spec/lib/ee/gitlab/auth/ldap/config_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Auth::Ldap::Config do
+  include LdapHelpers
+
+  describe '.available_providers' do
+    before do
+      stub_ldap_setting(
+        'enabled' => true,
+        'servers' => {
+          'main'      => { 'provider_name' => 'ldapmain' },
+          'secondary' => { 'provider_name' => 'ldapsecondary' }
+        }
+      )
+    end
+
+    context 'when multiple LDAP servers are licensed' do
+      before do
+        stub_licensed_features(multiple_ldap_servers: true)
+      end
+
+      it 'returns multiple configured providers' do
+        expect(described_class.available_providers).to match_array(%w(ldapmain ldapsecondary))
+      end
+    end
+  end
+
+  describe '._available_servers' do
+    context 'when no database connection occurs' do
+      before do
+        allow(::License).to receive(:feature_available?).and_raise(ActiveRecord::NoDatabaseError)
+      end
+
+      it 'returns an empty array' do
+        expect(described_class._available_servers).to eq([])
+      end
+    end
+  end
+end
--- a/lib/gitlab/auth/ldap/config.rb
+++ b/lib/gitlab/auth/ldap/config.rb
@@ -28,7 +28,7 @@ module Gitlab
        end

        def self.servers
-          Gitlab.config.ldap['servers']&.values || []
+          Gitlab.config.ldap.servers&.values || []
        end

        def self.available_servers
@@ -42,9 +42,18 @@ module Gitlab
        end

        def self.providers
-          servers.map { |server| server['provider_name'] }
+          provider_names_from_servers(servers)
        end

+        def self.available_providers
+          provider_names_from_servers(available_servers)
+        end
+
+        def self.provider_names_from_servers(servers)
+          servers&.map { |server| server['provider_name'] } || []
+        end
+        private_class_method :provider_names_from_servers
+
        def self.valid_provider?(provider)
          providers.include?(provider)
        end

--- a/spec/lib/gitlab/auth/ldap/config_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/config_spec.rb
@@ -5,6 +5,10 @@ require 'spec_helper'
 RSpec.describe Gitlab::Auth::Ldap::Config do
  include LdapHelpers

+  before do
+    stub_ldap_setting(enabled: true)
+  end
+
  let(:config) { described_class.new('ldapmain') }

  def raw_cert
@@ -68,12 +72,28 @@ AtlErSqafbECNDSwS5BX8yDpu5yRBJ4xegO/rNlmb8ICRYkuJapD1xXicFOsmfUK

  describe '.servers' do
    it 'returns empty array if no server information is available' do
-      allow(Gitlab.config).to receive(:ldap).and_return('enabled' => false)
+      stub_ldap_setting(servers: {})

      expect(described_class.servers).to eq []
    end
  end

+  describe '.available_providers' do
+    before do
+      stub_licensed_features(multiple_ldap_servers: false)
+      stub_ldap_setting(
+        'servers' => {
+          'main' => { 'provider_name' => 'ldapmain' },
+          'secondary' => { 'provider_name' => 'ldapsecondary' }
+        }
+      )
+    end
+
+    it 'returns one provider' do
+      expect(described_class.available_providers).to match_array(%w(ldapmain))
+    end
+  end
+
  describe '#initialize' do
    it 'requires a provider' do
      expect { described_class.new }.to raise_error ArgumentError