Pass organization_id as parameter to Users::CreateService
What does this MR do and why?
As part of cell projects, we are working on introducing Organizations. All Namespaces will have an organization. This means we need to assign an Organization when we create a namespace.
This MR is part of the effort of adding Organization to User Namespaces (also known as Personal Namespaces). User namespaces are created using the User.assign_personal_namespace method.
In a previous MR, we added a new optional Organization parameter to that method. And as a follow up, we need to update all code paths that are creating users to specify what Organization should be assigned.
This MR is focussing on user creation logic that is going through Users::CreateService:
- Web: Use Current.organization for newly created Users namespaces
- Initial admin user for new installation: Use the Default Organization (Self-managed will still need Default Organization)
- API: Group Service Account: Use the organization of the Group they are created for
- API: Instance-wide Service Account: Use Current.organization
Code paths: based on git grep Users::CreateService. The files marked bold are the entry points of the code paths
- Users::CreateService
- db/fixtures/production/003_admin.rb
- app/controllers/admin/users_controller.rb
- ee/app/services/users/service_accounts/create_service.rb
- ee/lib/api/service_accounts.rb
- ee/app/services/namespaces/service_accounts/create_service.rb
- ee/lib/api/group_service_accounts.rb
Related to #443494 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Preparation:
- Using rails console: create a new organization:
Organizations::Organization.create!(name: "My Company", path: 'my-company')
- Enable feature flag
Feature.enable(:current_organization_middleware)
- Configure your browser to use a custom http header: GITLAB_ORGANIZATION_ID should be set to the newly created organization id, for example 1000. I used this one for Chrome
- Create a personal access token for user root
Test 1: Create users using web interface
- Using GDK: login as admin and go to http://localhost:3000/admin/users
- Create a new user
- Using rails console: check if this new user has an organization associated: User.last.namespace.organization should return the newly created organization ("My Company")
Test 2: Service account endpoint
curl --request POST --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/service_accounts"
- Organization of user namespace should be 'Default'
curl --request POST --header "GITLAB_ORGANIZATION_ID: 1000" --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/service_accounts"
- Organization of newly created user should be 'My Company'
For service accounts created for groups, we use the organization of the group, http header is ignored
curl --request POST --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/groups/22/service_accounts"
- Organization of user namespace should be 'Default' (because it is the organization of the group)
curl --request POST --header "GITLAB_ORGANIZATION_ID: 1000" --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/groups/22/service_accounts"
- Organization of newly created user should be 'Default' (because it is the organization of the group)
Test 3: Production seed
- Create new VM using GCP Compute engine
- Upload and install omnibus package created from this branch
- Result:
- Namespace for owner_id 1 should be 1
- Default organization is created in organizations table