Add feature flag for team syncing
This commit is contained in:
		
							parent
							
								
									96b9d6b0cd
								
							
						
					
					
						commit
						04225f2d25
					
				
					 7 changed files with 21 additions and 10 deletions
				
			
		|  | @ -432,3 +432,8 @@ class DefaultConfig(object): | |||
| 
 | ||||
|   # Maximum size allowed for layers in the registry. | ||||
|   MAXIMUM_LAYER_SIZE = '20G' | ||||
| 
 | ||||
|   # Feature Flag: Whether team syncing from the backing auth is enabled. | ||||
|   FEATURE_TEAM_SYNCING = False | ||||
|   TEAM_RESYNC_STALE_TIME = '30m' | ||||
|   TEAM_SYNC_WORKER_FREQUENCY = 60 # seconds | ||||
|  |  | |||
|  | @ -159,7 +159,8 @@ class Organization(ApiResource): | |||
| 
 | ||||
|     teams = None | ||||
|     if OrganizationMemberPermission(orgname).can(): | ||||
|       teams = model.team.get_teams_within_org(org, bool(authentication.federated_service)) | ||||
|       has_syncing = features.TEAM_SYNCING and bool(authentication.federated_service) | ||||
|       teams = model.team.get_teams_within_org(org, has_syncing) | ||||
| 
 | ||||
|     return org_view(org, teams) | ||||
| 
 | ||||
|  |  | |||
|  | @ -108,7 +108,7 @@ def disallow_for_synced_team(except_robots=False): | |||
|     @wraps(func) | ||||
|     def wrapper(self, *args, **kwargs): | ||||
|       # Team syncing can only be enabled if we have a federated service. | ||||
|       if authentication.federated_service: | ||||
|       if features.TEAM_SYNCING and authentication.federated_service: | ||||
|         orgname = kwargs['orgname'] | ||||
|         teamname = kwargs['teamname'] | ||||
|         if model.team.get_team_sync_information(orgname, teamname): | ||||
|  | @ -208,6 +208,7 @@ class OrganizationTeam(ApiResource): | |||
| @resource('/v1/organization/<orgname>/team/<teamname>/syncing') | ||||
| @path_param('orgname', 'The name of the organization') | ||||
| @path_param('teamname', 'The name of the team') | ||||
| @show_if(features.TEAM_SYNCING) | ||||
| class OrganizationTeamSyncing(ApiResource): | ||||
|   """ Resource for managing syncing of a team by a backing group. """ | ||||
|   @require_scope(scopes.ORG_ADMIN) | ||||
|  | @ -290,7 +291,7 @@ class TeamMemberList(ApiResource): | |||
|         'can_edit': edit_permission.can(), | ||||
|       } | ||||
| 
 | ||||
|       if authentication.federated_service: | ||||
|       if features.TEAM_SYNCING and authentication.federated_service: | ||||
|         if SuperUserPermission().can() and AdministerOrganizationPermission(orgname).can(): | ||||
|           data['can_sync'] = { | ||||
|             'service': authentication.federated_service, | ||||
|  |  | |||
|  | @ -41,7 +41,7 @@ | |||
| 
 | ||||
|     <table class="co-table" style="margin-top: 10px;"> | ||||
|       <thead> | ||||
|         <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'"></td> | ||||
|         <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING"></td> | ||||
|         <td ng-class="TableService.tablePredicateClass('name', options.predicate, options.reverse)"> | ||||
|           <a ng-click="TableService.orderBy('name', options)">Team Name</a> | ||||
|         </td> | ||||
|  | @ -66,7 +66,7 @@ | |||
|        <tr class="co-checkable-row" | ||||
|            ng-repeat="team in orderedTeams.visibleEntries" | ||||
|            bindonce> | ||||
|         <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database'"> | ||||
|         <td class="options-col" ng-if="::Config.AUTHENTICATION_TYPE != 'Database' && Features.TEAM_SYNCING"> | ||||
|           <i class="fa fa-refresh" ng-if="team.is_synced" data-title="Team is synchronized with a backing group" bs-tooltip></i> | ||||
|         </td> | ||||
|         <td style="white-space: nowrap;"> | ||||
|  |  | |||
|  | @ -12,9 +12,10 @@ angular.module('quay').directive('teamsManager', function () { | |||
|       'organization': '=organization', | ||||
|       'isEnabled': '=isEnabled' | ||||
|     }, | ||||
|     controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config) { | ||||
|     controller: function($scope, $element, ApiService, $timeout, UserService, TableService, UIService, Config, Features) { | ||||
|       $scope.TableService = TableService; | ||||
|       $scope.Config = Config; | ||||
|       $scope.Features = Features; | ||||
| 
 | ||||
|       $scope.options = { | ||||
|         'predicate': 'ordered_team_index', | ||||
|  |  | |||
|  | @ -94,3 +94,4 @@ class TestConfig(DefaultConfig): | |||
|   RECAPTCHA_SECRET_KEY = 'somesecretkey' | ||||
| 
 | ||||
|   FEATURE_APP_REGISTRY = True | ||||
|   FEATURE_TEAM_SYNCING = True | ||||
|  |  | |||
|  | @ -1,6 +1,8 @@ | |||
| import logging | ||||
| import time | ||||
| 
 | ||||
| import features | ||||
| 
 | ||||
| from app import app, authentication | ||||
| from data.users.teamsync import sync_teams_to_groups | ||||
| from workers.worker import Worker | ||||
|  | @ -8,8 +10,8 @@ from util.timedeltastring import convert_to_timedelta | |||
| 
 | ||||
| logger = logging.getLogger(__name__) | ||||
| 
 | ||||
| WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 10) | ||||
| STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30s')) | ||||
| WORKER_FREQUENCY = app.config.get('TEAM_SYNC_WORKER_FREQUENCY', 60) | ||||
| STALE_CUTOFF = convert_to_timedelta(app.config.get('TEAM_RESYNC_STALE_TIME', '30m')) | ||||
| 
 | ||||
| class TeamSynchronizationWorker(Worker): | ||||
|   """ Worker which synchronizes teams with their backing groups in LDAP/Keystone/etc. | ||||
|  | @ -25,8 +27,8 @@ class TeamSynchronizationWorker(Worker): | |||
| def main(): | ||||
|   logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False) | ||||
| 
 | ||||
|   if not authentication.federated_service: | ||||
|     logger.debug('No federated auth is used; sleeping') | ||||
|   if not features.TEAM_SYNCING or not authentication.federated_service: | ||||
|     logger.debug('Team syncing is disabled; sleeping') | ||||
|     while True: | ||||
|       time.sleep(100000) | ||||
| 
 | ||||
|  |  | |||
		Reference in a new issue