
Commit 784872a

committed
Built-in/reserved names:
Made these functions static. (They are always going to be the same in any instance.) Added function to get a list of Gitlab reserved group names that can't be used. When a reserved group name is used throw a warning, as it's important the administrator acts on potentially missed syncs.
1 parent fab2ace commit 784872a

1 file changed

Lines changed: 96 additions & 11 deletions


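--- a/src/LdapSyncCommand.php
+++ b/src/LdapSyncCommand.php
@@ -1352,7 +1352,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 continue;
 }
 
-if ($this->in_array_i($gitlabUserName, $this->getBuiltInUserNames())) {
+if ($this->in_array_i($gitlabUserName, self::getBuiltInUserNames())) {
 $this->logger?->info(sprintf("User \"%s\" in built in ignore list.", $gitlabUserName));
 continue;
 }
@@ -1373,7 +1373,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 // Create directory users of which don't exist in Gitlab
 $this->logger?->notice("Creating directory users of which don't exist in Gitlab...");
 foreach ($ldapUsers as $ldapUserName => $ldapUserDetails) {
-if ($this->in_array_i($ldapUserName, $this->getBuiltInUserNames())) {
+if ($this->in_array_i($ldapUserName, self::getBuiltInUserNames())) {
 $this->logger?->info(sprintf("User \"%s\" in built in ignore list.", $ldapUserName));
 continue;
 }
@@ -1470,7 +1470,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 continue;
 }
 
-if ($this->in_array_i($gitlabUserName, $this->getBuiltInUserNames())) {
+if ($this->in_array_i($gitlabUserName, self::getBuiltInUserNames())) {
 $this->logger?->info(sprintf("User \"%s\" in built in ignore list.", $gitlabUserName));
 continue;
 }
@@ -1616,11 +1616,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 continue;
 }
 
-if ($this->in_array_i($gitlabGroupName, $this->getBuiltInGroups())) {
+if ($this->in_array_i($gitlabGroupName, static::getBuiltInGroups())) {
 $this->logger?->info(sprintf("Group \"%s\" in built-in ignore list.", $gitlabGroupName));
 continue;
 }
 
+if ($this->in_array_i($gitlabGroupName, static::getReservedGroups())) {
+$this->logger?->warning(sprintf("Group \"%s\" in built-in reserved list.", $gitlabGroupName));
+continue;
+}
+
 $this->logger?->info(sprintf("Found Gitlab group #%d \"%s\" [%s].", $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath));
 if (isset($groupsSync["found"][$gitlabGroupId]) || $this->in_array_i($gitlabGroupName, $groupsSync["found"])) {
 $this->logger?->warning(sprintf("Duplicate Gitlab group %d \"%s\" [%s].", $gitlabGroupId, $gitlabGroupName, $gitlabGroupPath));
@@ -1637,11 +1642,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 // Create directory groups of which don't exist in Gitlab
 $this->logger?->notice("Creating directory groups of which don't exist in Gitlab...");
 foreach ($ldapGroupsSafe as $ldapGroupName => $ldapGroupMembers) {
-if ($this->in_array_i($ldapGroupName, $this->getBuiltInGroups())) {
+if ($this->in_array_i($ldapGroupName, static::getBuiltInGroups())) {
 $this->logger?->info(sprintf("Group \"%s\" in built-in ignore list.", $ldapGroupName));
 continue;
 }
 
+if ($this->in_array_i($ldapGroupName, static::getReservedGroups())) {
+$this->logger?->warning(sprintf("Group \"%s\" in built-in reserved list.", $ldapGroupName));
+continue;
+}
+
 if ($this->in_array_i($ldapGroupName, $config["gitlab"]["options"]["groupNamesToIgnore"])) {
 $this->logger?->info(sprintf("Group \"%s\" in ignore list.", $ldapGroupName));
 continue;
@@ -1676,11 +1686,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 // Delete Gitlab groups of which don't exist in directory
 $this->logger?->notice("Deleting Gitlab groups of which don't exist in directory...");
 foreach ($groupsSync["found"] as $gitlabGroupId => $gitlabGroupName) {
-if ($this->in_array_i($gitlabGroupName, $this->getBuiltInGroups())) {
+if ($this->in_array_i($gitlabGroupName, static::getBuiltInGroups())) {
 $this->logger?->info(sprintf("Group \"%s\" in built-in ignore list.", $gitlabGroupName));
 continue;
 }
 
+if ($this->in_array_i($gitlabGroupName, static::getReservedGroups())) {
+$this->logger?->warning(sprintf("Group \"%s\" in built-in reserved list.", $gitlabGroupName));
+continue;
+}
+
 if ($this->in_array_i($gitlabGroupName, $config["gitlab"]["options"]["groupNamesToIgnore"])) {
 $this->logger?->info(sprintf("Group \"%s\" in ignore list.", $gitlabGroupName));
 continue;
@@ -1728,11 +1743,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 continue;
 }
 
-if ($this->in_array_i($gitlabGroupName, $this->getBuiltInGroups())) {
+if ($this->in_array_i($gitlabGroupName, static::getBuiltInGroups())) {
 $this->logger?->info(sprintf("Group \"%s\" in built-in ignore list.", $gitlabGroupName));
 continue;
 }
 
+if ($this->in_array_i($gitlabGroupName, static::getReservedGroups())) {
+$this->logger?->warning(sprintf("Group \"%s\" in built-in reserved list.", $gitlabGroupName));
+continue;
+}
+
 if ($this->in_array_i($gitlabGroupName, $config["gitlab"]["options"]["groupNamesToIgnore"])) {
 $this->logger?->info(sprintf("Group \"%s\" in ignore list.", $gitlabGroupName));
 continue;
@@ -1780,11 +1800,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 
 $this->logger?->notice("Synchronising Gitlab group members with directory group members...");
 foreach ($groupsToSyncMembership as $gitlabGroupId => $gitlabGroupName) {
-if ($this->in_array_i($gitlabGroupName, $this->getBuiltInGroups())) {
+if ($this->in_array_i($gitlabGroupName, static::getBuiltInGroups())) {
 $this->logger?->info(sprintf("Group \"%s\" in built-in ignore list.", $gitlabGroupName));
 continue;
 }
 
+if ($this->in_array_i($gitlabGroupName, static::getReservedGroups())) {
+$this->logger?->warning(sprintf("Group \"%s\" in built-in reserved list.", $gitlabGroupName));
+continue;
+}
+
 if ($this->in_array_i($gitlabGroupName, $config["gitlab"]["options"]["groupNamesToIgnore"])) {
 $this->logger?->info(sprintf("Group \"%s\" in ignore list.", $gitlabGroupName));
 continue;
@@ -1866,11 +1891,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
 continue;
 }
 
-if ($this->in_array_i($gitlabUserName, $this->getBuiltInUserNames())) {
+if ($this->in_array_i($gitlabUserName, self::getBuiltInUserNames())) {
 $this->logger?->info(sprintf("User \"%s\" in built in ignore list.", $gitlabUserName));
 continue;
 }
 
+if ($this->in_array_i($gitlabUserName, $config["gitlab"]["options"]["userNamesToIgnore"])) {
+$this->logger?->info(sprintf("User \"%s\" in ignore list.", $gitlabUserName));
+continue;
+}
+
 $this->logger?->info(sprintf("Found Gitlab group member #%d \"%s\".", $gitlabUserId, $gitlabUserName));
 if (isset($userGroupMembersSync["found"][$gitlabUserId]) || $this->in_array_i($gitlabUserName, $userGroupMembersSync["found"])) {
 $this->logger?->warning(sprintf("Duplicate Gitlab group member #%d \"%s\".", $gitlabUserId, $gitlabUserName));
@@ -2028,7 +2058,7 @@ private function generateRandomPassword(int $length): string
 * Get a list of built-in user names, of which should be ignored by this application.
 * @return string[]
 */
-private function getBuiltInUserNames(): array
+private static function getBuiltInUserNames(): array
 {
 return ["root", "ghost", "support-bot", "alert-bot"];
 }
@@ -2037,11 +2067,66 @@ private function getBuiltInUserNames(): array
 * Get a list of built-in group names, of which should be ignored by this application.
 * @return string[]
 */
-private function getBuiltInGroups(): array
+private static function getBuiltInGroups(): array
 {
 return ["root", "lost-and-found", "Users"];
 }
 
+/**
+* Get a list of reserved group names, of which must be ignored by this application.
+* (The list is different for root and sub groups.)
+* @see https://docs.gitlab.com/ee/user/reserved_names.html
+* @param bool $isRootGroup Get the list
+* @return string[]
+*/
+private static function getReservedGroups(bool $isRootGroup = true): array
+{
+return $isRootGroup
+? [
+"\\-",
+".well-known",
+"404.html",
+"422.html",
+"500.html",
+"502.html",
+"503.html",
+"admin",
+"api",
+"apple-touch-icon.png",
+"assets",
+"dashboard",
+"deploy.html",
+"explore",
+"favicon.ico",
+"favicon.png",
+"files",
+"groups",
+"health_check",
+"help",
+"import",
+"jwt",
+"login",
+"oauth",
+"profile",
+"projects",
+"public",
+"robots.txt",
+"s",
+"search",
+"sitemap",
+"sitemap.xml",
+"sitemap.xml.gz",
+"slash-command-logo.png",
+"snippets",
+"unsubscribes",
+"uploads",
+"users",
+"v2",
+]
+: ["\\-"]
+;
+}
+
 /**
 * Wait a bit of time between each Gitlab API request to avoid HTTP 500 errors when doing too many requests in a short time.
 * @return void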
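Review bot: The new reserved-list guard in the five group loops tests the display name (`$gitlabGroupName` / `$ldapGroupName`), while the linked GitLab page appears to reserve route names, so the guard probably belongs on the path; `$gitlabGroupPath` is already in scope where the first guard was added (new line 1629). As written, an existing GitLab group whose name merely matches an entry (presumably case-insensitively, going by `in_array_i`), for example "Help", is skipped in the membership-sync loop with only a warning, so directory removals would not be applied to that group; confirm this is intended, or log it at a level that operators alert on. The first list entry `"\\-"` is the two-character string `\-` in PHP, which looks like Markdown escaping copied from the docs; if the reserved name is a bare hyphen it should be `"-"` in both branches of `getReservedGroups()`. The group guards call private methods through `static::` while the user-name guards use `self::`; `self::getReservedGroups()` and `self::getBuiltInGroups()` would be consistent and avoid a scope error if a subclass ever declares a method of the same name. The loops sit inside `deployGitlabUsersAndGroups`, whose body starts and ends outside these hunks, so how `$gitlabGroupPath` is set in the later loops could not be checked here.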
