Merge branch 'sso-dedicated-group-accounts-flag' into 'master'

Add dedicated group accounts flag & feature flag See merge request gitlab-org/gitlab-ee!9625

Merge branch 'sso-dedicated-group-accounts-flag' into 'master'
Add dedicated group accounts flag & feature flag See merge request gitlab-org/gitlab-ee!9625
db38e6f7 · James Lopez · 9cc333b2 · f59c3a01 · db38e6f7 · db38e6f7
Commit db38e6f7 authored Feb 28, 2019 by James Lopez
6 changed files
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -2721,6 +2721,7 @@ ActiveRecord::Schema.define(version: 20190220150130) do
    t.string "certificate_fingerprint", null: false
    t.string "sso_url", null: false
    t.boolean "enforced_sso", default: false, null: false
+    t.boolean "enforced_group_managed_accounts", default: false, null: false
    t.index ["group_id"], name: "index_saml_providers_on_group_id", using: :btree
  end


--- a/ee/app/controllers/groups/saml_providers_controller.rb
+++ b/ee/app/controllers/groups/saml_providers_controller.rb
@@ -44,6 +44,7 @@ class Groups::SamlProvidersController < Groups::ApplicationController
    allowed_params = %i[sso_url certificate_fingerprint enabled]

    allowed_params += [:enforced_sso] if Feature.enabled?(:enforced_sso, group)
+    allowed_params += [:enforced_group_managed_accounts] if Feature.enabled?(:group_managed_accounts, group)

    params.require(:saml_provider).permit(allowed_params)
  end

--- a/ee/app/views/groups/saml_providers/_form.html.haml
+++ b/ee/app/views/groups/saml_providers/_form.html.haml
@@ -16,6 +16,14 @@
            = f.check_box :enforced_sso, class: 'form-check-input'
            = f.label :enforced_sso, class: 'form-check-label' do
              = _("Enforce SSO-only authentication for this group")
+    - if Feature.enabled?(:group_managed_accounts, group)
+      .form-group.row
+        = f.label :enforced_group_managed_accounts, _("Group managed accounts"), class: 'col-form-label col-sm-2'
+        .col-sm-10
+          .form-check
+            = f.check_box :enforced_group_managed_accounts, class: 'form-check-input'
+            = f.label :enforced_group_managed_accounts, class: 'form-check-label' do
+              = _("Enforce users to have dedicated group managed accounts for this group")
    .form-group.row
      = f.label :sso_url, class: 'col-form-label col-sm-2' do
        = _("Identity provider single sign on URL")

--- a/ee/db/migrate/20190220112238_add_saml_provider_group_managed_accounts_flag.rb
+++ b/ee/db/migrate/20190220112238_add_saml_provider_group_managed_accounts_flag.rb
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddSamlProviderGroupManagedAccountsFlag < ActiveRecord::Migration[5.0]
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default :saml_providers, :enforced_group_managed_accounts, :boolean, default: false, allow_null: false
+  end
+
+  def down
+    remove_column :saml_providers, :enforced_group_managed_accounts
+  end
+end
--- a/ee/spec/controllers/groups/saml_providers_controller_spec.rb
+++ b/ee/spec/controllers/groups/saml_providers_controller_spec.rb
@@ -97,25 +97,61 @@ describe Groups::SamlProvidersController do
    end

    describe 'PUT #update' do
-      subject { put :update, params: { group_id: group, saml_provider: { enforced_sso: 'true' } } }
+      subject { put :update, params: { group_id: group, saml_provider: { enforced_sso: 'true', enforced_group_managed_accounts: 'true' } } }

      before do
        group.add_owner(user)
      end

-      context 'enforced sso enabled' do
-        it 'updates the flag' do
+      context 'enforced_sso feature flag enabled' do
+        before do
          stub_feature_flags(enforced_sso: true)
+        end

-          expect { subject }.to change { saml_provider.reload.enforced_sso }.to(true)
+        it 'updates the flags' do
+          expect do
+            subject
+            saml_provider.reload
+          end.to change { saml_provider.enforced_sso? }.to(true)
        end
      end

-      context 'enforced sso disabled' do
-        it 'does not update the flag' do
+      context 'enforced_sso feature flag disabled' do
+        before do
          stub_feature_flags(enforced_sso: false)
+        end
+
+        it 'does not update the setting' do
+          expect do
+            subject
+            saml_provider.reload
+          end.not_to change { saml_provider.enforced_sso? }.from(false)
+        end
+      end
+
+      context 'group_managed_accounts feature flag enabled' do
+        before do
+          stub_feature_flags(group_managed_accounts: true)
+        end
+
+        it 'updates the flags' do
+          expect do
+            subject
+            saml_provider.reload
+          end.to change { saml_provider.enforced_group_managed_accounts? }.to(true)
+        end
+      end
+
+      context 'group_managed_accounts feature flag disabled' do
+        before do
+          stub_feature_flags(group_managed_accounts: false)
+        end

-          expect { subject }.not_to change { saml_provider.reload.enforced_sso }.from(false)
+        it 'does not update the setting' do
+          expect do
+            subject
+            saml_provider.reload
+          end.not_to change { saml_provider.enforced_group_managed_accounts? }.from(false)
        end
      end
    end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -3614,6 +3614,9 @@ msgstr ""
 msgid "Enforce SSO-only authentication for this group"
 msgstr ""

+msgid "Enforce users to have dedicated group managed accounts for this group"
+msgstr ""
+
 msgid "Enforced SSO"
 msgstr ""

@@ -4888,6 +4891,9 @@ msgstr ""
 msgid "Group maintainers can register group runners in the %{link}"
 msgstr ""

+msgid "Group managed accounts"
+msgstr ""
+
 msgid "Group name"
 msgstr ""