Sync Member Roles when syncing members via Group Sync (!139131) · Merge requests · GitLab.org / GitLab

Alex Buijs requested to merge sync-member-roles-via-group-sync into master Dec 07, 2023

What does this MR do and why?

When a Member Role exists on a SAML Group Link, save the Member Role when syncing members via SAML Group Sync.

How to set up and validate locally

Enable Group SAML

gdk config set omniauth.group_saml.enabled true && gdk reconfigure && gdk restart rails-web

Enable the feature flag in the console:

Feature.enable(:custom_roles_for_saml_group_links)

Create a group with Ultimate license
Go to http://localhost:3000/groups/${group_id}/-/settings/roles_and_permissions and create a custom role
Go to http://localhost:3000/groups/${group_id}/-/saml and enable SAML authentication by adding a bogus identity provider:
Go to http://localhost:3000/groups/${new_group}/-/saml_group_links, fill in a name and select the custom role

In the console, simulate a group sync with a random existing user:

GroupSamlGroupSyncWorker.new.perform(${user_id},${group_id}, [${saml_group_link_id}])
=> {:added=>1, :updated=>0, :removed=>0}

Check that the user was added as a direct member to the group with the member role

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 13, 2023 by Alex Buijs

Sync Member Roles when syncing members via Group Sync

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports