teamsync: run team sync worker for teams synced via ldap or keystone …

…(PROJQUAY-6762) (quay#2788) * teamsync: run team sync worker for teams synced via ldap or keystone (PROJQUAY-6762) * fix comment * adding test * isort fix
Marcusk19 · Apr 29, 2024 · 6bf6c2b · 6bf6c2b
1 parent 165dc6c
commit 6bf6c2b
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 7 deletions.
diff --git a/data/model/team.py b/data/model/team.py
@@ -497,7 +497,7 @@ def remove_team_syncing(orgname, teamname):
         existing.delete_instance()
 
 
-def get_stale_team(stale_timespan):
+def get_stale_team(stale_timespan, login_services):
     """
     Returns a team that is setup to sync to an external group, and who has not been synced in.
 
@@ -508,7 +508,11 @@ def get_stale_team(stale_timespan):
     try:
         candidates = (
             TeamSync.select(TeamSync.id)
-            .where((TeamSync.last_updated <= stale_at) | (TeamSync.last_updated >> None))
+            .join(LoginService)
+            .where(
+                LoginService.name << login_services,
+                (TeamSync.last_updated <= stale_at) | (TeamSync.last_updated >> None),
+            )
             .limit(500)
             .alias("candidates")
         )

diff --git a/data/users/externaloidc.py b/data/users/externaloidc.py
@@ -43,6 +43,12 @@ def is_superuser(self, username: str):
         """
         return None
 
+    def iterate_group_members(self, group_lookup_args, page_size=None, disable_pagination=False):
+        """
+        Used by teamSync worker, unsupported for oidc team sync
+        """
+        return (None, "Not supported")
+
     def verify_credentials(self, username_or_email, password):
         """
         Unsupported to login via username/email and password

diff --git a/data/users/teamsync.py b/data/users/teamsync.py
@@ -17,9 +17,10 @@ def sync_teams_to_groups(authentication, stale_cutoff):
     logger.debug("Looking up teams to sync to groups")
 
     sync_team_tried = set()
+    supported_services = ["ldap", "keystone"]
     while len(sync_team_tried) < MAX_TEAMS_PER_ITERATION:
         # Find a stale team.
-        stale_team_sync = model.team.get_stale_team(stale_cutoff)
+        stale_team_sync = model.team.get_stale_team(stale_cutoff, supported_services)
         if not stale_team_sync:
             logger.debug("No additional stale team found; sleeping")
             return
@@ -82,7 +83,7 @@ def sync_team(authentication, stale_team_sync):
     # Collect all the members currently found in the group, adding them to the team as we go
     # along.
     group_membership = set()
-    for (member_info, err) in member_iterator:
+    for member_info, err in member_iterator:
         if err is not None:
             logger.error("Got error when trying to construct a member: %s", err)
             continue

diff --git a/data/users/test/test_teamsync.py b/data/users/test/test_teamsync.py
@@ -1,15 +1,15 @@
 import os
 from datetime import datetime, timedelta
-from test.fixtures import *
-from test.test_keystone_auth import fake_keystone
-from test.test_ldap import mock_ldap
 
 import pytest
 from mock import patch
 
 from data import database, model
 from data.users.federated import FederatedUsers, UserInformation
 from data.users.teamsync import sync_team, sync_teams_to_groups
+from test.fixtures import *
+from test.test_keystone_auth import fake_keystone
+from test.test_ldap import mock_ldap
 from util.names import parse_robot_username
 
 _FAKE_AUTH = "fake"
@@ -362,3 +362,21 @@ def test_teamsync_existing_email(
 
         team_members = list(model.team.list_team_users(sync_team_info.team))
         assert len(team_members) > 0
+
+
+def test_get_stale_team_for_unsupported_login_service(initialized_db):
+    dev_user = model.user.get_user("devtable")
+    org = model.organization.create_organization("testorg", "testorg" + "@example.com", dev_user)
+
+    database.LoginService.create(name=_FAKE_AUTH)
+    team1 = model.team.create_team("team1", org, "member", "Some synced team.")
+    model.team.set_team_syncing(team1, "oidc", {"group_dn": "cn=Test-Group,ou=Users"})
+
+    sync_team_info = model.team.get_team_sync_information("testorg", "team1")
+    assert sync_team_info.last_updated is None
+
+    fake_auth = FakeUsers([])
+    sync_teams_to_groups(fake_auth, timedelta(seconds=20))
+
+    updated_sync_info = model.team.get_team_sync_information("testorg", "team1")
+    assert updated_sync_info.last_updated is None