From 04225f2d25d3759b90895bb23b8a872ce269c446 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Thu, 23 Feb 2017 13:26:47 -0500
Subject: [PATCH] Add feature flag for team syncing

---
 config.py                                |  5 +++++
 endpoints/api/organization.py            |  3 ++-
 endpoints/api/team.py                    |  5 +++--
 static/directives/teams-manager.html     |  4 ++--
 static/js/directives/ui/teams-manager.js |  3 ++-
 test/testconfig.py                       |  1 +
 workers/teamsyncworker.py                | 10 ++++++----
 7 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/config.py b/config.py
index d8482b59f..a0fdefaa2 100644
--- a/config.py
+++ b/config.py
@@ -432,3 +432,8 @@ class DefaultConfig(object):
 
   # Maximum size allowed for layers in the registry.
   MAXIMUM_LAYER_SIZE = '20G'
+
+  # Feature Flag: Whether team syncing from the backing auth is enabled.
+  FEATURE_TEAM_SYNCING = False
+  TEAM_RESYNC_STALE_TIME = '30m'
+  TEAM_SYNC_WORKER_FREQUENCY = 60 # seconds
diff --git a/endpoints/api/organization.py b/endpoints/api/organization.py
index 49e3194d9..9411d8edd 100644
--- a/endpoints/api/organization.py
+++ b/endpoints/api/organization.py
@@ -159,7 +159,8 @@ class Organization(ApiResource):
 
     teams = None
     if OrganizationMemberPermission(orgname).can():
-      teams = model.team.get_teams_within_org(org, bool(authentication.federated_service))
+      has_syncing = features.TEAM_SYNCING and bool(authentication.federated_service)
+      teams = model.team.get_teams_within_org(org, has_syncing)
 
     return org_view(org, teams)
 
diff --git a/endpoints/api/team.py b/endpoints/api/team.py
index 42c1f3f3c..320d008ad 100644
--- a/endpoints/api/team.py
+++ b/endpoints/api/team.py
@@ -108,7 +108,7 @@ def disallow_for_synced_team(except_robots=False):
     @wraps(func)
     def wrapper(self, *args, **kwargs):
       # Team syncing can only be enabled if we have a federated service.
-      if authentication.federated_service:
+      if features.TEAM_SYNCING and authentication.federated_service:
         orgname = kwargs['orgname']
         teamname = kwargs['teamname']
         if model.team.get_team_sync_information(orgname, teamname):
@@ -208,6 +208,7 @@ class OrganizationTeam(ApiResource):
 @resource('/v1/organization/<orgname>/team/<teamname>/syncing')
 @path_param('orgname', 'The name of the organization')
 @path_param('teamname', 'The name of the team')
+@show_if(features.TEAM_SYNCING)
 class OrganizationTeamSyncing(ApiResource):
   """ Resource for managing syncing of a team by a backing group. """
   @require_scope(scopes.ORG_ADMIN)
@@ -290,7 +291,7 @@ class TeamMemberList(ApiResource):
         'can_edit': edit_permission.can(),
       }
 
-      if authentication.federated_service:
+      if features.TEAM_SYNCING and authentication.federated_service:
         if SuperUserPermission().can() and AdministerOrganizationPermission(orgname).can():
           data['can_sync'] = {
             'service': authentication.federated_service,
diff --git a/static/directives/teams-manager.html b/static/directives/teams-manager.html
index 217dcbaef..338e9fb72 100644
--- a/static/directives/teams-manager.html
+++ b/static/directives/teams-manager.html
@@ -41,7 +41,7 @@
 
     <table class="co-table" style="margin-top: 10px;">
       <thead>
-        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'"></td>
+        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING"></td>
         <td ng-class="TableService.tablePredicateClass('name', options.predicate, options.reverse)">
           <a ng-click="TableService.orderBy('name', options)">Team Name</a>
         </td>
@@ -66,7 +66,7 @@
        <tr class="co-checkable-row"
            ng-repeat="team in orderedTeams.visibleEntries"
            bindonce>
-        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'">
+        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING">
           <i class="fa fa-refresh" ng-if="team.is_synced" data-title="Team is synchronized with a backing group" bs-tooltip></i>
         </td>
         <td style="white-space: nowrap;">
diff --git a/static/js/directives/ui/teams-manager.js b/static/js/directives/ui/teams-manager.js
index 240eeb5fa..88e926318 100644
--- a/static/js/directives/ui/teams-manager.js
+++ b/static/js/directives/ui/teams-manager.js
@@ -12,9 +12,10 @@ angular.module('quay').directive('teamsManager', function () {
       'organization': '=organization',
       'isEnabled': '=isEnabled'
     },
-    controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config) {
+    controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config, Features) {
       $scope.TableService = TableService;
       $scope.Config = Config;
+      $scope.Features = Features;
 
       $scope.options = {
         'predicate': 'ordered_team_index',
diff --git a/test/testconfig.py b/test/testconfig.py
index b870a787a..72c5fb229 100644
--- a/test/testconfig.py
+++ b/test/testconfig.py
@@ -94,3 +94,4 @@ class TestConfig(DefaultConfig):
   RECAPTCHA_SECRET_KEY = 'somesecretkey'
 
   FEATURE_APP_REGISTRY = True
+  FEATURE_TEAM_SYNCING = True
diff --git a/workers/teamsyncworker.py b/workers/teamsyncworker.py
index 225118834..8776dcdc0 100644
--- a/workers/teamsyncworker.py
+++ b/workers/teamsyncworker.py
@@ -1,6 +1,8 @@
 import logging
 import time
 
+import features
+
 from app import app, authentication
 from data.users.teamsync import sync_teams_to_groups
 from workers.worker import Worker
@@ -8,8 +10,8 @@ from util.timedeltastring import convert_to_timedelta
 
 logger = logging.getLogger(__name__)
 
-WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 10)
-STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30s'))
+WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 60)
+STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30m'))
 
 class TeamSynchronizationWorker(Worker):
   """ Worker which synchronizes teams with their backing groups in LDAP/Keystone/etc.
@@ -25,8 +27,8 @@ class TeamSynchronizationWorker(Worker):
 def main():
   logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False)
 
-  if not authentication.federated_service:
-    logger.debug('No federated auth is used; sleeping')
+  if not features.TEAM_SYNCING or not authentication.federated_service:
+    logger.debug('Team syncing is disabled; sleeping')
     while True:
       time.sleep(100000)
 

		Team Name
+		diff --git a/static/js/directives/ui/teams-manager.js b/static/js/directives/ui/teams-manager.js index 240eeb5fa..88e926318 100644 --- a/static/js/directives/ui/teams-manager.js +++ b/static/js/directives/ui/teams-manager.js @@ -12,9 +12,10 @@ angular.module('quay').directive('teamsManager', function () { 'organization': '=organization', 'isEnabled': '=isEnabled' }, - controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config) { + controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config, Features) { $scope.TableService = TableService; $scope.Config = Config; + $scope.Features = Features; $scope.options = { 'predicate': 'ordered_team_index', diff --git a/test/testconfig.py b/test/testconfig.py index b870a787a..72c5fb229 100644 --- a/test/testconfig.py +++ b/test/testconfig.py @@ -94,3 +94,4 @@ class TestConfig(DefaultConfig): RECAPTCHA_SECRET_KEY = 'somesecretkey' FEATURE_APP_REGISTRY = True + FEATURE_TEAM_SYNCING = True diff --git a/workers/teamsyncworker.py b/workers/teamsyncworker.py index 225118834..8776dcdc0 100644 --- a/workers/teamsyncworker.py +++ b/workers/teamsyncworker.py @@ -1,6 +1,8 @@ import logging import time +import features + from app import app, authentication from data.users.teamsync import sync_teams_to_groups from workers.worker import Worker @@ -8,8 +10,8 @@ from util.timedeltastring import convert_to_timedelta logger = logging.getLogger(__name__) -WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 10) -STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30s')) +WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 60) +STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30m')) class TeamSynchronizationWorker(Worker): """ Worker which synchronizes teams with their backing groups in LDAP/Keystone/etc. @@ -25,8 +27,8 @@ class TeamSynchronizationWorker(Worker): def main(): logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False) - if not authentication.federated_service: - logger.debug('No federated auth is used; sleeping') + if not features.TEAM_SYNCING or not authentication.federated_service: + logger.debug('Team syncing is disabled; sleeping') while True: time.sleep(100000)