Create SamlGroupLink table and model
What does this MR do?
Part 1 of #267019 (closed)
This creates the saml_group_links
table and the associated model SamlGroupLink
. This will store links between GitLab groups and SAML IdP groups for the purposes of group sync. This will work similar to how LDAP Group Links work.
The end result will be a user will get the specified access_level
in the specific GitLab group if they are a member of the linked group in SAML. If the user is a member of multiple SAML groups that match multiple links to the same GitLab group, the user will receive the highest access level.
Database
Migration
== 20201012194936 CreateSamlGroupLinks: migrating =============================
-- table_exists?(:saml_group_links)
-> 0.0007s
-- create_table(:saml_group_links)
-> 0.0166s
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0003s
-- execute("ALTER TABLE saml_group_links\nADD CONSTRAINT check_1a5ae2ac07\nCHECK ( char_length(group_name) <= 255 )\nNOT VALID;\n")
-> 0.0005s
-- current_schema()
-> 0.0002s
-- execute("SET statement_timeout TO 0")
-> 0.0002s
-- execute("ALTER TABLE saml_group_links VALIDATE CONSTRAINT check_1a5ae2ac07;")
-> 0.0005s
-- execute("RESET ALL")
-> 0.0002s
== 20201012194936 CreateSamlGroupLinks: migrated (0.0316s) ====================
Rollback
== 20201012194936 CreateSamlGroupLinks: reverting =============================
-- drop_table(:saml_group_links)
-> 0.0045s
== 20201012194936 CreateSamlGroupLinks: reverted (0.0195s) ====================
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Drew Blessing