Merge branch 'dblessing_saml_group_links' into 'master'

Create SamlGroupLink table and model See merge request gitlab-org/gitlab!45061

Merge branch 'dblessing_saml_group_links' into 'master'
Create SamlGroupLink table and model See merge request gitlab-org/gitlab!45061
c4b70cc2 · Adam Hegyi · 5cf068a4 · 675b67b1 · c4b70cc2 · c4b70cc2
Commit c4b70cc2 authored Oct 19, 2020 by Adam Hegyi
9 changed files
--- a/db/migrate/20201012194936_create_saml_group_links.rb
+++ b/db/migrate/20201012194936_create_saml_group_links.rb
+# frozen_string_literal: true
+
+class CreateSamlGroupLinks < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    with_lock_retries do
+      create_table :saml_group_links, if_not_exists: true do |t|
+        t.integer :access_level, null: false, limit: 2
+        t.references :group, index: false, foreign_key: { to_table: :namespaces, on_delete: :cascade }, null: false
+        t.timestamps_with_timezone
+        t.text :saml_group_name, null: false
+
+        t.index [:group_id, :saml_group_name], unique: true
+      end
+    end
+
+    add_text_limit :saml_group_links, :saml_group_name, 255
+  end
+
+  def down
+    with_lock_retries do
+      drop_table :saml_group_links
+    end
+  end
+end
--- a/db/schema_migrations/20201012194936
+++ b/db/schema_migrations/20201012194936
+823d23d8ce8959762a7cadb883ed6d36a46fedaf238ea955d93136277d55cad5
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -15752,6 +15752,25 @@ CREATE SEQUENCE routes_id_seq

 ALTER SEQUENCE routes_id_seq OWNED BY routes.id;

+CREATE TABLE saml_group_links (
+    id bigint NOT NULL,
+    access_level smallint NOT NULL,
+    group_id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    saml_group_name text NOT NULL,
+    CONSTRAINT check_1b3fc49d1e CHECK ((char_length(saml_group_name) <= 255))
+);
+
+CREATE SEQUENCE saml_group_links_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE saml_group_links_id_seq OWNED BY saml_group_links.id;
+
 CREATE TABLE saml_providers (
    id integer NOT NULL,
    group_id integer NOT NULL,
@@ -17898,6 +17917,8 @@ ALTER TABLE ONLY reviews ALTER COLUMN id SET DEFAULT nextval('reviews_id_seq'::r

 ALTER TABLE ONLY routes ALTER COLUMN id SET DEFAULT nextval('routes_id_seq'::regclass);

+ALTER TABLE ONLY saml_group_links ALTER COLUMN id SET DEFAULT nextval('saml_group_links_id_seq'::regclass);
+
 ALTER TABLE ONLY saml_providers ALTER COLUMN id SET DEFAULT nextval('saml_providers_id_seq'::regclass);

 ALTER TABLE ONLY scim_identities ALTER COLUMN id SET DEFAULT nextval('scim_identities_id_seq'::regclass);
@@ -19206,6 +19227,9 @@ ALTER TABLE ONLY reviews
 ALTER TABLE ONLY routes
    ADD CONSTRAINT routes_pkey PRIMARY KEY (id);

+ALTER TABLE ONLY saml_group_links
+    ADD CONSTRAINT saml_group_links_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY saml_providers
    ADD CONSTRAINT saml_providers_pkey PRIMARY KEY (id);

@@ -21454,6 +21478,8 @@ CREATE INDEX index_routes_on_path_trigram ON routes USING gin (path gin_trgm_ops

 CREATE UNIQUE INDEX index_routes_on_source_type_and_source_id ON routes USING btree (source_type, source_id);

+CREATE UNIQUE INDEX index_saml_group_links_on_group_id_and_saml_group_name ON saml_group_links USING btree (group_id, saml_group_name);
+
 CREATE INDEX index_saml_providers_on_group_id ON saml_providers USING btree (group_id);

 CREATE INDEX index_scim_identities_on_group_id ON scim_identities USING btree (group_id);
@@ -23025,6 +23051,9 @@ ALTER TABLE ONLY clusters_applications_runners
 ALTER TABLE ONLY service_desk_settings
    ADD CONSTRAINT fk_rails_223a296a85 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;

+ALTER TABLE ONLY saml_group_links
+    ADD CONSTRAINT fk_rails_22e312c530 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY group_custom_attributes
    ADD CONSTRAINT fk_rails_246e0db83a FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;


--- a/ee/app/models/ee/group.rb
+++ b/ee/app/models/ee/group.rb
@@ -27,6 +27,7 @@ module EE
      has_one :scim_oauth_access_token

      has_many :ldap_group_links, foreign_key: 'group_id', dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
+      has_many :saml_group_links, foreign_key: 'group_id'
      has_many :hooks, dependent: :destroy, class_name: 'GroupHook' # rubocop:disable Cop/ActiveRecordDependent

      has_one :dependency_proxy_setting, class_name: 'DependencyProxy::GroupSetting'
@@ -222,6 +223,12 @@ module EE
      ensure_saml_discovery_token!
    end

+    def saml_enabled?
+      return false unless saml_provider
+
+      saml_provider.persisted? && saml_provider.enabled?
+    end
+
    override :multiple_issue_boards_available?
    def multiple_issue_boards_available?
      feature_available?(:multiple_group_issue_boards)

--- a/ee/app/models/saml_group_link.rb
+++ b/ee/app/models/saml_group_link.rb
+# frozen_string_literal: true
+
+class SamlGroupLink < ApplicationRecord
+  belongs_to :group
+
+  enum access_level: ::Gitlab::Access.options_with_owner
+
+  validates :group, :access_level, presence: true
+  validates :saml_group_name, presence: true, uniqueness: { scope: [:group_id] }, length: { maximum: 255 }
+end
--- a/ee/changelogs/unreleased/dblessing_saml_group_links.yml
+++ b/ee/changelogs/unreleased/dblessing_saml_group_links.yml
+---
+title: Create SamlGroupLink table and model
+merge_request: 45061
+author:
+type: added
--- a/ee/spec/factories/saml_group_links.rb
+++ b/ee/spec/factories/saml_group_links.rb
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :saml_group_link do
+    sequence(:saml_group_name) { |n| "saml-group#{n}" }
+    access_level { Gitlab::Access::GUEST }
+    group
+  end
+end
--- a/ee/spec/models/group_spec.rb
+++ b/ee/spec/models/group_spec.rb
@@ -23,6 +23,7 @@ RSpec.describe Group do
    it { is_expected.to have_one(:deletion_schedule) }
    it { is_expected.to have_one(:group_wiki_repository) }
    it { is_expected.to belong_to(:push_rule) }
+    it { is_expected.to have_many(:saml_group_links) }

    it_behaves_like 'model with wiki' do
      let(:container) { create(:group, :nested, :wiki_repo) }
@@ -767,6 +768,30 @@ RSpec.describe Group do
    end
  end

+  describe '#saml_enabled?' do
+    subject { group.saml_enabled? }
+
+    context 'when a SAML provider does not exist' do
+      it { is_expected.to eq(false) }
+    end
+
+    context 'when a SAML provider exists and is persisted' do
+      before do
+        create(:saml_provider, group: group)
+      end
+
+      it { is_expected.to eq(true) }
+    end
+
+    context 'when a SAML provider is not persisted' do
+      before do
+        build(:saml_provider, group: group)
+      end
+
+      it { is_expected.to eq(false) }
+    end
+  end
+
  describe '#alpha/beta_feature_available?' do
    it_behaves_like 'an entity with alpha/beta feature support' do
      let(:entity) { group }

--- a/ee/spec/models/saml_group_link_spec.rb
+++ b/ee/spec/models/saml_group_link_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SamlGroupLink do
+  describe 'associations' do
+    it { is_expected.to belong_to(:group) }
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_presence_of(:group) }
+    it { is_expected.to validate_presence_of(:access_level) }
+    it { is_expected.to validate_presence_of(:saml_group_name) }
+    it { is_expected.to validate_length_of(:saml_group_name).is_at_most(255) }
+    it { is_expected.to define_enum_for(:access_level).with_values(Gitlab::Access.options_with_owner) }
+
+    context 'group name uniqueness' do
+      before do
+        create(:saml_group_link, group: create(:group))
+      end
+
+      it { is_expected.to validate_uniqueness_of(:saml_group_name).scoped_to([:group_id]) }
+    end
+  end
+end