From 04225f2d25d3759b90895bb23b8a872ce269c446 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 23 Feb 2017 13:26:47 -0500 Subject: [PATCH] Add feature flag for team syncing --- config.py | 5 +++++ endpoints/api/organization.py | 3 ++- endpoints/api/team.py | 5 +++-- static/directives/teams-manager.html | 4 ++-- static/js/directives/ui/teams-manager.js | 3 ++- test/testconfig.py | 1 + workers/teamsyncworker.py | 10 ++++++---- 7 files changed, 21 insertions(+), 10 deletions(-) diff --git a/config.py b/config.py index d8482b59f..a0fdefaa2 100644 --- a/config.py +++ b/config.py @@ -432,3 +432,8 @@ class DefaultConfig(object): # Maximum size allowed for layers in the registry. MAXIMUM_LAYER_SIZE = '20G' + + # Feature Flag: Whether team syncing from the backing auth is enabled. + FEATURE_TEAM_SYNCING = False + TEAM_RESYNC_STALE_TIME = '30m' + TEAM_SYNC_WORKER_FREQUENCY = 60 # seconds diff --git a/endpoints/api/organization.py b/endpoints/api/organization.py index 49e3194d9..9411d8edd 100644 --- a/endpoints/api/organization.py +++ b/endpoints/api/organization.py @@ -159,7 +159,8 @@ class Organization(ApiResource): teams = None if OrganizationMemberPermission(orgname).can(): - teams = model.team.get_teams_within_org(org, bool(authentication.federated_service)) + has_syncing = features.TEAM_SYNCING and bool(authentication.federated_service) + teams = model.team.get_teams_within_org(org, has_syncing) return org_view(org, teams) diff --git a/endpoints/api/team.py b/endpoints/api/team.py index 42c1f3f3c..320d008ad 100644 --- a/endpoints/api/team.py +++ b/endpoints/api/team.py @@ -108,7 +108,7 @@ def disallow_for_synced_team(except_robots=False): @wraps(func) def wrapper(self, *args, **kwargs): # Team syncing can only be enabled if we have a federated service. - if authentication.federated_service: + if features.TEAM_SYNCING and authentication.federated_service: orgname = kwargs['orgname'] teamname = kwargs['teamname'] if model.team.get_team_sync_information(orgname, teamname): @@ -208,6 +208,7 @@ class OrganizationTeam(ApiResource): @resource('/v1/organization//team//syncing') @path_param('orgname', 'The name of the organization') @path_param('teamname', 'The name of the team') +@show_if(features.TEAM_SYNCING) class OrganizationTeamSyncing(ApiResource): """ Resource for managing syncing of a team by a backing group. """ @require_scope(scopes.ORG_ADMIN) @@ -290,7 +291,7 @@ class TeamMemberList(ApiResource): 'can_edit': edit_permission.can(), } - if authentication.federated_service: + if features.TEAM_SYNCING and authentication.federated_service: if SuperUserPermission().can() and AdministerOrganizationPermission(orgname).can(): data['can_sync'] = { 'service': authentication.federated_service, diff --git a/static/directives/teams-manager.html b/static/directives/teams-manager.html index 217dcbaef..338e9fb72 100644 --- a/static/directives/teams-manager.html +++ b/static/directives/teams-manager.html @@ -41,7 +41,7 @@ - + @@ -66,7 +66,7 @@ -
Team Name
+ diff --git a/static/js/directives/ui/teams-manager.js b/static/js/directives/ui/teams-manager.js index 240eeb5fa..88e926318 100644 --- a/static/js/directives/ui/teams-manager.js +++ b/static/js/directives/ui/teams-manager.js @@ -12,9 +12,10 @@ angular.module('quay').directive('teamsManager', function () { 'organization': '=organization', 'isEnabled': '=isEnabled' }, - controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config) { + controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config, Features) { $scope.TableService = TableService; $scope.Config = Config; + $scope.Features = Features; $scope.options = { 'predicate': 'ordered_team_index', diff --git a/test/testconfig.py b/test/testconfig.py index b870a787a..72c5fb229 100644 --- a/test/testconfig.py +++ b/test/testconfig.py @@ -94,3 +94,4 @@ class TestConfig(DefaultConfig): RECAPTCHA_SECRET_KEY = 'somesecretkey' FEATURE_APP_REGISTRY = True + FEATURE_TEAM_SYNCING = True diff --git a/workers/teamsyncworker.py b/workers/teamsyncworker.py index 225118834..8776dcdc0 100644 --- a/workers/teamsyncworker.py +++ b/workers/teamsyncworker.py @@ -1,6 +1,8 @@ import logging import time +import features + from app import app, authentication from data.users.teamsync import sync_teams_to_groups from workers.worker import Worker @@ -8,8 +10,8 @@ from util.timedeltastring import convert_to_timedelta logger = logging.getLogger(__name__) -WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 10) -STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30s')) +WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 60) +STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30m')) class TeamSynchronizationWorker(Worker): """ Worker which synchronizes teams with their backing groups in LDAP/Keystone/etc. @@ -25,8 +27,8 @@ class TeamSynchronizationWorker(Worker): def main(): logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False) - if not authentication.federated_service: - logger.debug('No federated auth is used; sleeping') + if not features.TEAM_SYNCING or not authentication.federated_service: + logger.debug('Team syncing is disabled; sleeping') while True: time.sleep(100000)