Disable password authentication for SSO users (!168111) · Merge requests · GitLab.org / GitLab

Drew Blessing requested to merge dblessing_self_managed_sso_enforcement into master Oct 03, 2024

What does this MR do and why?

main: == [advisory_lock_connection] object_id: 119220, pg_backend_pid: 8123
main: == 20241003173147 AddSignInRestrictionsToApplicationSettings: migrating =======
main: -- add_column(:application_settings, :sign_in_restrictions, :jsonb, {:default=>{}, :null=>false, :if_not_exists=>true})
main:    -> 0.2112s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_application_settings_sign_in_restrictions_is_hash\nCHECK ( (jsonb_typeof(sign_in_restrictions) = 'object') )\nNOT VALID;\n")
main:    -> 0.0016s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0004s
main: -- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_application_settings_sign_in_restrictions_is_hash;")
main:    -> 0.0009s
main: -- execute("RESET statement_timeout")
main:    -> 0.0004s
main: == 20241003173147 AddSignInRestrictionsToApplicationSettings: migrated (0.2352s)

main: == [advisory_lock_connection] object_id: 119220, pg_backend_pid: 8123
ci: == [advisory_lock_connection] object_id: 119440, pg_backend_pid: 8125
ci: == 20241003173147 AddSignInRestrictionsToApplicationSettings: migrating =======
ci: -- add_column(:application_settings, :sign_in_restrictions, :jsonb, {:default=>{}, :null=>false, :if_not_exists=>true})
ci:    -> 0.2019s
ci: -- transaction_open?(nil)
ci:    -> 0.0000s
ci: -- transaction_open?(nil)
ci:    -> 0.0000s
ci: -- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_application_settings_sign_in_restrictions_is_hash\nCHECK ( (jsonb_typeof(sign_in_restrictions) = 'object') )\nNOT VALID;\n")
ci:    -> 0.0031s
ci: -- execute("SET statement_timeout TO 0")
ci:    -> 0.0006s
ci: -- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_application_settings_sign_in_restrictions_is_hash;")
ci:    -> 0.0013s
ci: -- execute("RESET statement_timeout")
ci:    -> 0.0003s
ci: == 20241003173147 AddSignInRestrictionsToApplicationSettings: migrated (0.2550s)

ci: == [advisory_lock_connection] object_id: 119440, pg_backend_pid: 8125

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited Oct 03, 2024 by Drew Blessing

Disable password authentication for SSO users

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports