From 8666f497ff13c100f6cd2339971e430dbf05470f Mon Sep 17 00:00:00 2001 From: Valery Sizov Date: Sat, 11 Apr 2015 17:56:45 +0300 Subject: fix ldap identities --- db/migrate/20150411000035_fix_identities.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 db/migrate/20150411000035_fix_identities.rb (limited to 'db/migrate') diff --git a/db/migrate/20150411000035_fix_identities.rb b/db/migrate/20150411000035_fix_identities.rb new file mode 100644 index 00000000000..12526b10e6e --- /dev/null +++ b/db/migrate/20150411000035_fix_identities.rb @@ -0,0 +1,16 @@ +class FixIdentities < ActiveRecord::Migration + def up + new_provider = Gitlab.config.ldap.servers.first.last['provider_name'] + # Delete duplicate identities + Identity.connection.select_one("DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = '#{new_provider}')") + # Update legacy identities + Identity.where(provider: 'ldap').update_all(provider: new_provider) + + if defined?(LdapGroupLink) + LdapGroupLink.where('provider IS NULL').update_all(provider: new_provider) + end + end + + def down + end +end -- cgit v1.2.3 From 896ea2482bd78f3683140bb8aa08f0583a58361e Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Mon, 13 Apr 2015 11:50:21 +0300 Subject: Change migration to SQL Signed-off-by: Dmitriy Zaporozhets --- db/migrate/20150411000035_fix_identities.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'db/migrate') diff --git a/db/migrate/20150411000035_fix_identities.rb b/db/migrate/20150411000035_fix_identities.rb index 12526b10e6e..93beb046d78 100644 --- a/db/migrate/20150411000035_fix_identities.rb +++ b/db/migrate/20150411000035_fix_identities.rb @@ -1,13 +1,15 @@ class FixIdentities < ActiveRecord::Migration def up new_provider = Gitlab.config.ldap.servers.first.last['provider_name'] + # Delete duplicate identities - Identity.connection.select_one("DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = '#{new_provider}')") - # Update legacy identities - Identity.where(provider: 'ldap').update_all(provider: new_provider) + execute "DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = '#{new_provider}')" + + # Update legacy identities + execute "UPDATE identities SET provider = '#{new_provider}' WHERE provider = 'ldap';" if defined?(LdapGroupLink) - LdapGroupLink.where('provider IS NULL').update_all(provider: new_provider) + execute "UPDATE ldap_group_links SET provider = '#{new_provider}' WHERE provider IS NULL;" end end -- cgit v1.2.3 From f64db1fab95751bc2b1cf04641bb031d6289d16b Mon Sep 17 00:00:00 2001 From: Jacob Vosmaer Date: Mon, 13 Apr 2015 11:22:31 +0200 Subject: Try to explain what we are doing --- db/migrate/20150411000035_fix_identities.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'db/migrate') diff --git a/db/migrate/20150411000035_fix_identities.rb b/db/migrate/20150411000035_fix_identities.rb index 93beb046d78..b65ad138b0f 100644 --- a/db/migrate/20150411000035_fix_identities.rb +++ b/db/migrate/20150411000035_fix_identities.rb @@ -1,5 +1,14 @@ class FixIdentities < ActiveRecord::Migration def up + # Up until now, legacy 'ldap' references in the database were charitably + # interpreted to point to the first LDAP server specified in the GitLab + # configuration. So if the database said 'provider: ldap' but the first + # LDAP server was called 'ldapmain', then we would try to interpret + # 'provider: ldap' as if it said 'provider: ldapmain'. This migration (and + # accompanying changes in the GitLab LDAP code) get rid of this complicated + # behavior. Any database references to 'provider: ldap' get rewritten to + # whatever the code would have interpreted it as, i.e. as a reference to + # the first LDAP server specified in gitlab.yml / gitlab.rb. new_provider = Gitlab.config.ldap.servers.first.last['provider_name'] # Delete duplicate identities -- cgit v1.2.3 From 04f05ac1fb43904229bc084813dab92e82343f02 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Mon, 13 Apr 2015 12:26:04 +0300 Subject: Check for table instead of class --- db/migrate/20150411000035_fix_identities.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'db/migrate') diff --git a/db/migrate/20150411000035_fix_identities.rb b/db/migrate/20150411000035_fix_identities.rb index b65ad138b0f..e86264b166a 100644 --- a/db/migrate/20150411000035_fix_identities.rb +++ b/db/migrate/20150411000035_fix_identities.rb @@ -11,13 +11,13 @@ class FixIdentities < ActiveRecord::Migration # the first LDAP server specified in gitlab.yml / gitlab.rb. new_provider = Gitlab.config.ldap.servers.first.last['provider_name'] - # Delete duplicate identities + # Delete duplicate identities execute "DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = '#{new_provider}')" # Update legacy identities execute "UPDATE identities SET provider = '#{new_provider}' WHERE provider = 'ldap';" - if defined?(LdapGroupLink) + if table_exists?('ldap_group_links') execute "UPDATE ldap_group_links SET provider = '#{new_provider}' WHERE provider IS NULL;" end end -- cgit v1.2.3 From 8b4705fea6297a23f708c59cbce3c8a3115128c0 Mon Sep 17 00:00:00 2001 From: Jacob Vosmaer Date: Mon, 13 Apr 2015 11:50:00 +0200 Subject: Make migration work if LDAP is disabled --- db/migrate/20150411000035_fix_identities.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'db/migrate') diff --git a/db/migrate/20150411000035_fix_identities.rb b/db/migrate/20150411000035_fix_identities.rb index b65ad138b0f..297e7eaa5e9 100644 --- a/db/migrate/20150411000035_fix_identities.rb +++ b/db/migrate/20150411000035_fix_identities.rb @@ -9,9 +9,14 @@ class FixIdentities < ActiveRecord::Migration # behavior. Any database references to 'provider: ldap' get rewritten to # whatever the code would have interpreted it as, i.e. as a reference to # the first LDAP server specified in gitlab.yml / gitlab.rb. - new_provider = Gitlab.config.ldap.servers.first.last['provider_name'] + new_provider = if Gitlab.config.ldap.enabled + first_ldap_server = Gitlab.config.ldap.servers.values.first + first_ldap_server['provider_name'] + else + 'ldapmain' + end - # Delete duplicate identities + # Delete duplicate identities execute "DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = '#{new_provider}')" # Update legacy identities -- cgit v1.2.3 From afa47eddccc45ed9cfcd70891d4013c9f8d04d25 Mon Sep 17 00:00:00 2001 From: Jacob Vosmaer Date: Mon, 13 Apr 2015 11:56:35 +0200 Subject: Also ldap_group_links where provider='ldap' --- db/migrate/20150411000035_fix_identities.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'db/migrate') diff --git a/db/migrate/20150411000035_fix_identities.rb b/db/migrate/20150411000035_fix_identities.rb index d4c6e545204..8f11a96ab01 100644 --- a/db/migrate/20150411000035_fix_identities.rb +++ b/db/migrate/20150411000035_fix_identities.rb @@ -23,7 +23,7 @@ class FixIdentities < ActiveRecord::Migration execute "UPDATE identities SET provider = '#{new_provider}' WHERE provider = 'ldap';" if table_exists?('ldap_group_links') - execute "UPDATE ldap_group_links SET provider = '#{new_provider}' WHERE provider IS NULL;" + execute "UPDATE ldap_group_links SET provider = '#{new_provider}' WHERE provider IS NULL OR provider = 'ldap';" end end -- cgit v1.2.3