Migrate data to system_access_group_microsoft_applications
-
Review changes -
-
Download -
Patches
-
Plain diff
What does this MR do and why?
Migrates data from SystemAccess::MicrosoftApplication to SystemAccess::GroupMicrosoftApplication . This is to enable the table to be split between instance application records for instance-wide SAML sync, and per-group application records for group-based SAML sync. This way we can shard the data appropriately for Cells.
- Adds a migration to copy all group-SAML records to the new table
- Updates logic to write changes to both tables during the transition
- Adds feature flag to control which table is read from by application controllers and SAML sync workers
- Adds specs to ensure the new and old tables are compatible in all call-sites
During the transition to using the new table, data will be written to both tables so that we can seamlessly enable and disable the feature flag without disruption for users.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
- original issue: #495499 (closed)
- also implements: #495500 (closed)
- rollout for feature flag: #512497
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
No user-visible changes
How to set up and validate locally
Before switching to this branch:
- Ensure you have a SAML provider configured in gitlab.yml , and also the
group_samlprovider enabled. You may need to be simulating a SaaS instance - Go to https://gdk.test:3443/admin/application_settings/general and set up the Azure Integration under "Microsoft Azure Integration" (you do not have to use real values for client-xid and token)
- Go to the group settings page for a group with SAML SSO configured, for example https://gdk.test:3443/groups/atevans-sso/-/saml and set up the data under "Microsoft Azure Integration"
- Ensure the data is populated in the
system_access_microsoft_applicationstable
Switch to this branch, and then:
- Run migrations
- Ensure the group saml entry in
system_access_microsoft_applicationsis copied tosystem_access_group_microsoft_applications - On the Rails console, load the group and validate that the MicrosoftApplication is reachable:
group = Group.find_by_path('atevans-sso') group.system_access_microsoft_application - Update the data for the group's Azure integration, changing the
client-xidorgraph_endpointvalues - Validate that the change is written to both tables
- Enable the feature flag:
::Feature.enable(:group_microsoft_applications_table) - Quit and restart the Rails console session to refresh the feature flag cache
- Validate that the model now returns the new GroupMicrosoftApplication object:
group = Group.find_by_path('atevans-sso') group.system_access_microsoft_application - Update the group's "Microsoft Azure Integration" values again in the web UI
- Validate on the console that the
GroupMicrosoftApplicationrecord was updated - Validate on the console that the legacy
MicrosoftApplicationrecord was also updated
Related to #495499 (closed)
Merge request reports
- latest versionfe81d1916 commits,
- version 1457936e6b5 commits,
- version 13f4fbf3614 commits,
- version 12bc2055ad3 commits,
- version 11d9f64be42 commits,
- version 100aea30a55 commits,
- version 9de50a6264 commits,
- version 8b2cc00703 commits,
- version 760b8c5972 commits,
- version 6ffb9ea585 commits,
- version 5cf086e8e4 commits,
- version 4ff75d6f93 commits,
- version 311d1c24b2 commits,
- version 2085bc85d1 commit,
- version 19133c1712 commits,
- Side-by-side
- Inline