vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add feature flag for team syncing

Browse source
This commit is contained in:
Joseph Schorr 2017-02-23 13:26:47 -05:00
parent 96b9d6b0cd
commit 04225f2d25
7 changed files with 21 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config.py
View file

@ -432,3 +432,8 @@ class DefaultConfig(object):
# Maximum size allowed for layers in the registry. # Maximum size allowed for layers in the registry.
MAXIMUM_LAYER_SIZE = '20G' MAXIMUM_LAYER_SIZE = '20G'
# Feature Flag: Whether team syncing from the backing auth is enabled.
FEATURE_TEAM_SYNCING = False
TEAM_RESYNC_STALE_TIME = '30m'
TEAM_SYNC_WORKER_FREQUENCY = 60 # seconds

3
endpoints/api/organization.py
View file

@ -159,7 +159,8 @@ class Organization(ApiResource):
teams = None teams = None
if OrganizationMemberPermission(orgname).can(): if OrganizationMemberPermission(orgname).can():
teams = model.team.get_teams_within_org(org, bool(authentication.federated_service)) has_syncing = features.TEAM_SYNCING and bool(authentication.federated_service)
teams = model.team.get_teams_within_org(org, has_syncing)
return org_view(org, teams) return org_view(org, teams)

5
endpoints/api/team.py
View file

@ -108,7 +108,7 @@ def disallow_for_synced_team(except_robots=False):
@wraps(func) @wraps(func)
def wrapper(self, *args, **kwargs): def wrapper(self, *args, **kwargs):
# Team syncing can only be enabled if we have a federated service. # Team syncing can only be enabled if we have a federated service.
if authentication.federated_service: if features.TEAM_SYNCING and authentication.federated_service:
orgname = kwargs['orgname'] orgname = kwargs['orgname']
teamname = kwargs['teamname'] teamname = kwargs['teamname']
if model.team.get_team_sync_information(orgname, teamname): if model.team.get_team_sync_information(orgname, teamname):
@ -208,6 +208,7 @@ class OrganizationTeam(ApiResource):
@resource('/v1/organization/<orgname>/team/<teamname>/syncing') @resource('/v1/organization/<orgname>/team/<teamname>/syncing')
@path_param('orgname', 'The name of the organization') @path_param('orgname', 'The name of the organization')
@path_param('teamname', 'The name of the team') @path_param('teamname', 'The name of the team')
@show_if(features.TEAM_SYNCING)
class OrganizationTeamSyncing(ApiResource): class OrganizationTeamSyncing(ApiResource):
""" Resource for managing syncing of a team by a backing group. """ """ Resource for managing syncing of a team by a backing group. """
@require_scope(scopes.ORG_ADMIN) @require_scope(scopes.ORG_ADMIN)
@ -290,7 +291,7 @@ class TeamMemberList(ApiResource):
'can_edit': edit_permission.can(), 'can_edit': edit_permission.can(),
} }
if authentication.federated_service: if features.TEAM_SYNCING and authentication.federated_service:
if SuperUserPermission().can() and AdministerOrganizationPermission(orgname).can(): if SuperUserPermission().can() and AdministerOrganizationPermission(orgname).can():
data['can_sync'] = { data['can_sync'] = {
'service': authentication.federated_service, 'service': authentication.federated_service,

4
static/directives/teams-manager.html
View file

@ -41,7 +41,7 @@
<table class="co-table" style="margin-top: 10px;"> <table class="co-table" style="margin-top: 10px;">
<thead> <thead>
<td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'"></td> <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING"></td>
<td ng-class="TableService.tablePredicateClass('name', options.predicate, options.reverse)"> <td ng-class="TableService.tablePredicateClass('name', options.predicate, options.reverse)">
<a ng-click="TableService.orderBy('name', options)">Team Name</a> <a ng-click="TableService.orderBy('name', options)">Team Name</a>
</td> </td>
@ -66,7 +66,7 @@
<tr class="co-checkable-row" <tr class="co-checkable-row"
ng-repeat="team in orderedTeams.visibleEntries" ng-repeat="team in orderedTeams.visibleEntries"
bindonce> bindonce>
<td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'"> <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING">
<i class="fa fa-refresh" ng-if="team.is_synced" data-title="Team is synchronized with a backing group" bs-tooltip></i> <i class="fa fa-refresh" ng-if="team.is_synced" data-title="Team is synchronized with a backing group" bs-tooltip></i>
</td> </td>
<td style="white-space: nowrap;"> <td style="white-space: nowrap;">

3
static/js/directives/ui/teams-manager.js
View file

@ -12,9 +12,10 @@ angular.module('quay').directive('teamsManager', function () {
'organization': '=organization', 'organization': '=organization',
'isEnabled': '=isEnabled' 'isEnabled': '=isEnabled'
}, },
controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config) { controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config, Features) {
$scope.TableService = TableService; $scope.TableService = TableService;
$scope.Config = Config; $scope.Config = Config;
$scope.Features = Features;
$scope.options = { $scope.options = {
'predicate': 'ordered_team_index', 'predicate': 'ordered_team_index',

1
test/testconfig.py
View file

@ -94,3 +94,4 @@ class TestConfig(DefaultConfig):
RECAPTCHA_SECRET_KEY = 'somesecretkey' RECAPTCHA_SECRET_KEY = 'somesecretkey'
FEATURE_APP_REGISTRY = True FEATURE_APP_REGISTRY = True
FEATURE_TEAM_SYNCING = True

10
workers/teamsyncworker.py
View file

@ -1,6 +1,8 @@
import logging import logging
import time import time
import features
from app import app, authentication from app import app, authentication
from data.users.teamsync import sync_teams_to_groups from data.users.teamsync import sync_teams_to_groups
from workers.worker import Worker from workers.worker import Worker
@ -8,8 +10,8 @@ from util.timedeltastring import convert_to_timedelta
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 10) WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 60)
STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30s')) STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30m'))
class TeamSynchronizationWorker(Worker): class TeamSynchronizationWorker(Worker):
""" Worker which synchronizes teams with their backing groups in LDAP/Keystone/etc. """ Worker which synchronizes teams with their backing groups in LDAP/Keystone/etc.
@ -25,8 +27,8 @@ class TeamSynchronizationWorker(Worker):
def main(): def main():
logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False) logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False)
if not authentication.federated_service: if not features.TEAM_SYNCING or not authentication.federated_service:
logger.debug('No federated auth is used; sleeping') logger.debug('Team syncing is disabled; sleeping')
while True: while True:
time.sleep(100000) time.sleep(100000)