Part 3: SSO enforcement should respect Admin Mode for groups access (!118400) · Merge requests · GitLab.org / GitLab

Bogdan Denkovych requested to merge bdenkovych-issue-405021-part-3 into master Apr 21, 2023

What does this MR do and why?

In !117389 (merged) and !117582 (merged) we added hundreds of specs related to SSO enforcement to change the related code confidently.

In this MR, we extract admin/auditor checks related to bypassing SSO enforcement from Group/Project policy level to ::Gitlab::Auth::GroupSaml::SsoEnforcer class. By that refactoring, we fixed the typebug that allows admins to access groups regardless Admin Mode. We also add specs for that case and lots of new specs for ::Gitlab::Auth::GroupSaml::SsoEnforcer.group_access_restricted? method.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Apr 25, 2023 by Bogdan Denkovych

Part 3: SSO enforcement should respect Admin Mode for groups access

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports