diff --git a/docs/gl_objects/groups.rst b/docs/gl_objects/groups.rst index d24e53c56..9eddcd9ba 100644 --- a/docs/gl_objects/groups.rst +++ b/docs/gl_objects/groups.rst @@ -171,3 +171,18 @@ Remove a member from the group:: group.members.delete(member_id) # or member.delete() + +LDAP group links +================ + +Add an LDAP group link to an existing GitLab group:: + + group.add_ldap_group_link(ldap_group_cn, gitlab.DEVELOPER_ACCESS, 'main') + +Remove a link:: + + group.delete_ldap_group_link(ldap_group_cn, 'main') + +Sync the LDAP groups:: + + group.ldap_sync() diff --git a/gitlab/v4/objects.py b/gitlab/v4/objects.py index f5160e5cd..486c0f3ed 100644 --- a/gitlab/v4/objects.py +++ b/gitlab/v4/objects.py @@ -807,6 +807,61 @@ def search(self, scope, search, **kwargs): path = '/groups/%d/search' % self.get_id() return self.manager.gitlab.http_list(path, query_data=data, **kwargs) + @cli.register_custom_action('Group', ('cn', 'group_access', 'provider')) + @exc.on_http_error(exc.GitlabCreateError) + def add_ldap_group_link(self, cn, group_access, provider, **kwargs): + """Add an LDAP group link. + + Args: + cn (str): CN of the LDAP group + group_access (int): Minimum access level for members of the LDAP + group + provider (str): LDAP provider for the LDAP group + **kwargs: Extra options to send to the Gitlab server (e.g. sudo) + + Raises: + GitlabAuthenticationError: If authentication is not correct + GitlabCreateError: If the server cannot perform the request + """ + path = '/groups/%d/ldap_group_links' % self.get_id() + data = {'cn': cn, 'group_access': group_access, 'provider': provider} + self.manager.gitlab.http_post(path, post_data=data, **kwargs) + + @cli.register_custom_action('Group', ('cn',), ('provider',)) + @exc.on_http_error(exc.GitlabDeleteError) + def delete_ldap_group_link(self, cn, provider=None, **kwargs): + """Delete an LDAP group link. + + Args: + cn (str): CN of the LDAP group + provider (str): LDAP provider for the LDAP group + **kwargs: Extra options to send to the Gitlab server (e.g. sudo) + + Raises: + GitlabAuthenticationError: If authentication is not correct + GitlabDeleteError: If the server cannot perform the request + """ + path = '/groups/%d/ldap_group_links' % self.get_id() + if provider is not None: + path += '/%s' % provider + path += '/%s' % cn + self.manager.gitlab.http_delete(path) + + @cli.register_custom_action('Group') + @exc.on_http_error(exc.GitlabCreateError) + def ldap_sync(self, **kwargs): + """Sync LDAP groups. + + Args: + **kwargs: Extra options to send to the Gitlab server (e.g. sudo) + + Raises: + GitlabAuthenticationError: If authentication is not correct + GitlabCreateError: If the server cannot perform the request + """ + path = '/groups/%d/ldap_sync' % self.get_id() + self.manager.gitlab.http_post(path, **kwargs) + class GroupManager(CRUDMixin, RESTManager): _path = '/groups' diff --git a/tools/ee-test.py b/tools/ee-test.py index 77ccd2e88..512d983dc 100755 --- a/tools/ee-test.py +++ b/tools/ee-test.py @@ -7,6 +7,9 @@ P2 = 'root/project2' I_P1 = 1 I_P2 = 1 +G1 = 'group1' +LDAP_CN = 'app1' +LDAP_PROVIDER = 'ldapmain' def start_log(message): @@ -22,6 +25,7 @@ def end_log(): project2 = gl.projects.get(P2) issue_p1 = project1.issues.get(I_P1) issue_p2 = project2.issues.get(I_P2) +group1 = gl.groups.get(G1) start_log('MR approvals') approval = project1.approvals.get() @@ -52,3 +56,13 @@ def end_log(): link_id = links[0].issue_link_id issue_p1.links.delete(link_id) end_log() + +start_log('LDAP links') +# bit of cleanup just in case +if hasattr(group1, 'ldap_group_links'): + for link in group1.ldap_group_links: + group1.delete_ldap_group_link(link['cn'], link['provider']) +group1.add_ldap_group_link(LDAP_CN, 30, LDAP_PROVIDER) +group1.ldap_sync() +group1.delete_ldap_group_link(LDAP_CN) +end_log()