Skip to content

Add "default_membership_role" column to "saml_providers" table

Manoj M J requested to merge 214523-migration-add-default-role-to-saml-providers into master

What does this MR do?

This MR is the first step towards building #214523 (closed)

This adds a new column default_membership_role to saml_providers table, which has a default value of 10 (Guest Role access, which we have been historically using as membership level to any new member being added to a group via SSO)

In an upcoming MR, we will be exposing this attribute in the UI as part of the SAML settings form, where the group owner can set the default membership role from a dropdown, and this will be used as the role for any member added to the group from then on.

Up migration

== 20200722084623 AddDefaultMembershipRoleToSamlProvider: migrating ===========
-- add_column(:saml_providers, :default_membership_role, :smallint, {:default=>10, :null=>false})
   -> 0.0053s
== 20200722084623 AddDefaultMembershipRoleToSamlProvider: migrated (0.0054s) ==

Down migration

== 20200722084623 AddDefaultMembershipRoleToSamlProvider: reverting ===========
-- remove_column(:saml_providers, :default_membership_role, :smallint, {:default=>10, :null=>false})
   -> 0.0033s
== 20200722084623 AddDefaultMembershipRoleToSamlProvider: reverted (0.0052s) ==

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Manoj M J

Merge request reports