Expose LDAP Override in API, add set and clear methods
What does this MR do?
Closes #4875 (closed)
Fix-up of community contribution originally in !4465 (closed). The MR has been around for quite some time (due to our own failings in the review process) and in the interest of getting the user's contirbution merged I'm fixing up a few minor things.
It is currently possible to override LDAP permissions from the GitLab web interface, but not from the GitLab API.
This MR adds a new GitLab API route which allows manipulation of the override
member attribute. This makes it possible to override LDAP permissions from the GitLab API.
See #4875 (closed) for more details.
Are there points in the code the reviewer needs to double check?
- I can't see a way to get around modifying
lib/api/entities.rb
to add the prepend -- this causes CI to fail
Why was this MR needed?
We have a need to script the override of LDAP permissions. While this is possible by screenscraping the web UI, this is not elegant and is likely to be more fragile in the future. (And was also broken by the token scope restriction in GitLab 11.5.1)
@davinwalker (EE support request #89929) has indicated that GitLab Inc would be open to extending the API to support this.
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team