Pass organization_id as parameter to Users::CreateService

What does this MR do and why?

As part of cell projects, we are working on introducing Organizations. All Namespaces will have an organization. This means we need to assign an Organization when we create a namespace.

This MR is part of the effort of adding Organization to User Namespaces (also known as Personal Namespaces). User namespaces are created using the User.assign_personal_namespace method.

In a previous MR, we added a new optional Organization parameter to that method. As a follow-up, we need to update all code paths that create users to specify which Organization should be assigned.

This MR focuses on user creation logic that goes through Users::CreateService:

  • Web: Use Current.organization for newly created Users namespaces
  • Initial admin user for new installation: Use the Default Organization (Self-managed will still need Default Organization)
  • API: Group Service Account: Use the organization of the Group they are created for
  • API: Instance-wide Service Account: Use Current.organization

Code paths: based on git grep Users::CreateService. The files marked bold are the entry points of the code paths

  • Users::CreateService
    • db/fixtures/production/003_admin.rb
    • app/controllers/admin/users_controller.rb
    • ee/app/services/users/service_accounts/create_service.rb
      • ee/lib/api/service_accounts.rb
      • ee/app/services/namespaces/service_accounts/create_service.rb
        • ee/lib/api/group_service_accounts.rb

Related to #443494 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Preparation:

  • Using rails console: create a new organization: Organizations::Organization.create!(name: "My Company", path: 'my-company')
  • Enable feature flag Feature.enable(:current_organization_middleware)
  • Configure your browser to use a custom HTTP header: GITLAB_ORGANIZATION_ID should be set to the newly created organization id, for example 1000. I used this one for Chrome
  • Create a personal access token for user root

Test 1: Create users using web interface

  • Using GDK: login as admin and go to http://localhost:3000/admin/users
  • Create a new user
  • Using rails console: check if this new user has an organization associated: User.last.namespace.organization should return the newly created organization ("My Company")

Test 2: Service account endpoint

  • curl --request POST --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/service_accounts"
  • Organization of user namespace should be 'Default'
  • curl --request POST --header "GITLAB_ORGANIZATION_ID: 1000" --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/service_accounts"
  • Organization of newly created user should be 'My Company'

For service accounts created for groups, we use the organization of the group; the HTTP header is ignored.

  • curl --request POST --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/groups/22/service_accounts"
  • Organization of user namespace should be 'Default' (because it is the organization of the group)
  • curl --request POST --header "GITLAB_ORGANIZATION_ID: 1000" --header "PRIVATE-TOKEN: <TOKEN>" "http://localhost:3000/api/v4/groups/22/service_accounts"
  • Organization of newly created user should be 'Default' (because it is the organization of the group)

Test 3: Production seed

  • Create new VM using GCP Compute engine
  • Upload and install omnibus package created from this branch
  • Result:
    • Namespace for owner_id 1 should be 1
    • Default organization is created in organizations table
Edited by Rutger Wessels
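
The resolution rules that Test 2 validates, as an added example that is not part of the MR or of GitLab's code base: a simplified Ruby model showing that the instance-wide path follows the request's organization header while the group path never consults it. All class, method and constant names are hypothetical stand-ins, the organization data is constructed, and the fallback to 'Default' for malformed or unknown ids is an assumption of this model.

```ruby
# Simplified model of the organization-resolution rules from Test 2.
# Hypothetical stand-ins only; none of these names are GitLab's own.
Organization = Struct.new(:id, :name)
Group        = Struct.new(:id, :organization)

DEFAULT_ORG = Organization.new(1, 'Default')
# Constructed sample data: id 1000 is the organization created in "Preparation".
ORGS = { 1 => DEFAULT_ORG, 1000 => Organization.new(1000, 'My Company') }.freeze

# Models the "current organization" lookup for a request.
# Rack exposes a GITLAB_ORGANIZATION_ID header as HTTP_GITLAB_ORGANIZATION_ID.
def current_organization(env)
  raw = env['HTTP_GITLAB_ORGANIZATION_ID'].to_s
  # Assumption of this model: malformed or unknown ids fall back to Default.
  return DEFAULT_ORG unless raw.match?(/\A\d+\z/)
  ORGS.fetch(raw.to_i, DEFAULT_ORG)
end

# Instance-wide service account: the user namespace takes the request's
# current organization.
def instance_service_account_org(env)
  current_organization(env)
end

# Group service account: the user namespace takes the group's organization.
# The client-supplied header is deliberately never read on this path.
def group_service_account_org(group, _env)
  group.organization
end

GROUP_22 = Group.new(22, DEFAULT_ORG) # constructed: group 22 lives in Default
HEADER   = { 'HTTP_GITLAB_ORGANIZATION_ID' => '1000' }.freeze

# The four requests from Test 2 as [case, resolved name, expected name].
def test_matrix
  [
    ['instance, no header',   instance_service_account_org({}).name,           'Default'],
    ['instance, header 1000', instance_service_account_org(HEADER).name,       'My Company'],
    ['group 22, no header',   group_service_account_org(GROUP_22, {}).name,    'Default'],
    ['group 22, header 1000', group_service_account_org(GROUP_22, HEADER).name, 'Default']
  ]
end

if $PROGRAM_NAME == __FILE__
  test_matrix.each do |label, got, want|
    puts format('%-24s %-12s %s', label, got, got == want ? 'ok' : "expected #{want}")
  end
end
```

The last row is the one worth keeping as a regression check: a caller who can create service accounts in a group must not be able to place them in another organization by setting the header.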