Add feature flag for team syncing

config.py

@@ -432,3 +432,8 @@ class DefaultConfig(object):
 
   # Maximum size allowed for layers in the registry.
   MAXIMUM_LAYER_SIZE = '20G'
+
+  # Feature Flag: Whether team syncing from the backing auth is enabled.
+  FEATURE_TEAM_SYNCING = False
+  TEAM_RESYNC_STALE_TIME = '30m'
+  TEAM_SYNC_WORKER_FREQUENCY = 60 # seconds

endpoints/api/organization.py

@@ -159,7 +159,8 @@ class Organization(ApiResource):
 
     teams = None
     if OrganizationMemberPermission(orgname).can():
-      teams = model.team.get_teams_within_org(org, bool(authentication.federated_service))
+      has_syncing = features.TEAM_SYNCING and bool(authentication.federated_service)
+      teams = model.team.get_teams_within_org(org, has_syncing)
 
     return org_view(org, teams)
 

endpoints/api/team.py

@@ -108,7 +108,7 @@ def disallow_for_synced_team(except_robots=False):
     @wraps(func)
     def wrapper(self, *args, **kwargs):
       # Team syncing can only be enabled if we have a federated service.
-      if authentication.federated_service:
+      if features.TEAM_SYNCING and authentication.federated_service:
         orgname = kwargs['orgname']
         teamname = kwargs['teamname']
         if model.team.get_team_sync_information(orgname, teamname):
@@ -208,6 +208,7 @@ class OrganizationTeam(ApiResource):
 @resource('/v1/organization/<orgname>/team/<teamname>/syncing')
 @path_param('orgname', 'The name of the organization')
 @path_param('teamname', 'The name of the team')
+@show_if(features.TEAM_SYNCING)
 class OrganizationTeamSyncing(ApiResource):
   """ Resource for managing syncing of a team by a backing group. """
   @require_scope(scopes.ORG_ADMIN)
@@ -290,7 +291,7 @@ class TeamMemberList(ApiResource):
         'can_edit': edit_permission.can(),
       }
 
-      if authentication.federated_service:
+      if features.TEAM_SYNCING and authentication.federated_service:
         if SuperUserPermission().can() and AdministerOrganizationPermission(orgname).can():
           data['can_sync'] = {
             'service': authentication.federated_service,

static/directives/teams-manager.html

@@ -41,7 +41,7 @@
 
     <table class="co-table" style="margin-top: 10px;">
       <thead>
-        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'"></td>
+        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING"></td>
         <td ng-class="TableService.tablePredicateClass('name', options.predicate, options.reverse)">
           <a ng-click="TableService.orderBy('name', options)">Team Name</a>
         </td>
@@ -66,7 +66,7 @@
        <tr class="co-checkable-row"
            ng-repeat="team in orderedTeams.visibleEntries"
            bindonce>
-        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'">
+        <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING">
           <i class="fa fa-refresh" ng-if="team.is_synced" data-title="Team is synchronized with a backing group" bs-tooltip></i>
         </td>
         <td style="white-space: nowrap;">

static/js/directives/ui/teams-manager.js

@@ -12,9 +12,10 @@ angular.module('quay').directive('teamsManager', function () {
       'organization': '=organization',
       'isEnabled': '=isEnabled'
     },
-    controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config) {
+    controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config, Features) {
       $scope.TableService = TableService;
       $scope.Config = Config;
+      $scope.Features = Features;
 
       $scope.options = {
         'predicate': 'ordered_team_index',

test/testconfig.py

@@ -94,3 +94,4 @@ class TestConfig(DefaultConfig):
   RECAPTCHA_SECRET_KEY = 'somesecretkey'
 
   FEATURE_APP_REGISTRY = True
+  FEATURE_TEAM_SYNCING = True

workers/teamsyncworker.py

@@ -1,6 +1,8 @@
 import logging
 import time
 
+import features
+
 from app import app, authentication
 from data.users.teamsync import sync_teams_to_groups
 from workers.worker import Worker
@@ -8,8 +10,8 @@ from util.timedeltastring import convert_to_timedelta
 
 logger = logging.getLogger(__name__)
 
-WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 10)
-STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30s'))
+WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 60)
+STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30m'))
 
 class TeamSynchronizationWorker(Worker):
   """ Worker which synchronizes teams with their backing groups in LDAP/Keystone/etc.
@@ -25,8 +27,8 @@ class TeamSynchronizationWorker(Worker):
 def main():
   logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False)
 
-  if not authentication.federated_service:
-    logger.debug('No federated auth is used; sleeping')
+  if not features.TEAM_SYNCING or not authentication.federated_service:
+    logger.debug('Team syncing is disabled; sleeping')
     while True:
       time.sleep(100000)