Added support to the accounts update_api action for two new settings
related to Microsoft Sync.
The first setting, microsoft_sync_login_attribute_suffix, is the
suffix that will be appended to the result of
microsoft_sync_login_attribute for the purposes of syncing.
The second setting, microsoft_sync_remote_attribute, is the Active
Directory attribute that will be used to associate Canvas users to
Microsoft users.
For example, if you had a login attribute of sis_user_id, a suffix of
@example.com and a remote attribute of mailNickname, then a query to
Microsoft would combine a user's SIS ID with the suffix, for a result of
12345@example.com and would then query Microsoft to look for any users
who had a mailNickname that matched this new ULUV (User LookUp Value).
Note that the Selenium tests for the UI had to be taken out, as the
current UI doesn't work with this new backend. They will be readded and
adjusted in the next commit.
In addition, added support for a new login_attribute named
integration_id. This gives schools even more flexibility when
configuring MSFT Sync.
Lastly, moved all of the settings validation code out of a concern and
into a class, which explicitly defines what dependencies the validation
code has, and also just makes more sense in general.
closes INTEROP-6921
flag = microsoft_group_enrollments_syncing
test-plan:
* You'll be sending PUT requests to /api/v1/accounts/#{account.id} where
the account.id is the id of the account you're using to test this. Use
any tool you'd like for this, like cURL or Postman.
* The body of your requests will look like this in JSON:
    {
      "account": {
        "settings": {
          <the name of each of the parameters
           we're testing, such as
           microsoft_sync_remote_attribute>
        }
      }
    }
* Enable the microsoft_group_enrollments_syncing feature flag, either
through the UI or a rails console with
<account.root_account.enable_feature!(:microsoft_group_enrollments_syncing)>
* Send a request to the endpoint and set all of the fields to valid
values. The name of each field is:
microsoft_sync_enabled
microsoft_sync_tenant
microsoft_sync_login_attribute
microsoft_sync_login_attribute_suffix
microsoft_sync_remote_attribute
Enabled has to be a boolean, tenant has to be a valid domain name, the
login attribute has to be one of (email preferred_username
sis_user_id), the suffix can be anything under 255 characters without
whitespace, and the remote attribute must be one of
(userPrincipalName mail mailNickname)
This request should succeed with a 200. Send a GET request to the same
endpoint as above and ensure the settings have been saved.
* For each of the following requests, you should get a 400 with an error
message and the account settings shouldn't change.
* Send a request with a suffix over 255 characters.
* Send a request with a suffix with whitespace in it.
* Send a request with an invalid remote attribute.
* Send a request trying to enable sync, but without specifying
any settings. You can also mix it up and specify only a few
settings. Note that the suffix is optional, so if you only
omit that setting, you won't get an error.
* Send a request to the same endpoint, this time without authorization.
It should fail with an auth required message.
* Turn the feature flag off and try and change some settings. You should
get a message saying the feature flag is off.
Change-Id: If80f278e2294515be3e0b8dbf38dd22303e016b1
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/269542
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Evan Battaglia <ebattaglia@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Ryan Hawkins <ryan.hawkins@instructure.com>
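
The validation rules listed in the test plan above, as an added Ruby sketch (not part of the commit and not Canvas's own validation class). The module and method names, the domain regex, and the choice to accept a suffix of exactly 255 characters are assumptions; integration_id is included because the commit message names it as a new login attribute.

```ruby
# Added illustration; all names here are hypothetical, not Canvas code.
module MsftSyncSettingsSketch
  LOGIN_ATTRIBUTES  = %w[email preferred_username sis_user_id integration_id].freeze
  REMOTE_ATTRIBUTES = %w[userPrincipalName mail mailNickname].freeze
  MAX_SUFFIX_LENGTH = 255 # assumption: exactly 255 characters is still accepted
  # Assumption: a plain hostname pattern stands in for "valid domain name".
  # \A and \z (not ^ and $) so an embedded newline cannot smuggle in extra text.
  DOMAIN = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/i
  REQUIRED = %w[microsoft_sync_tenant microsoft_sync_login_attribute
                microsoft_sync_remote_attribute].freeze

  # Returns an array of error strings; empty means the settings are acceptable.
  def self.errors_for(settings)
    s = settings.transform_keys(&:to_s)
    errors = []
    enabled = s["microsoft_sync_enabled"]
    unless enabled.nil? || enabled == true || enabled == false
      errors << "microsoft_sync_enabled must be a boolean"
    end
    # Enabling sync requires everything except the optional suffix.
    if enabled == true
      REQUIRED.each { |k| errors << "#{k} is required" if s[k].to_s.empty? }
    end
    check(errors, s, "microsoft_sync_tenant") { |v| v.match?(DOMAIN) }
    # Allow-lists: the remote attribute selects which directory field is matched.
    check(errors, s, "microsoft_sync_login_attribute") { |v| LOGIN_ATTRIBUTES.include?(v) }
    check(errors, s, "microsoft_sync_remote_attribute") { |v| REMOTE_ATTRIBUTES.include?(v) }
    check(errors, s, "microsoft_sync_login_attribute_suffix") do |v|
      v.length <= MAX_SUFFIX_LENGTH && !v.match?(/\s/)
    end
    errors
  end

  # Validates a key only when the request supplied it; non-strings are rejected.
  def self.check(errors, settings, key)
    return unless settings.key?(key)
    value = settings[key]
    errors << "#{key} is invalid" unless value.is_a?(String) && yield(value)
  end
  private_class_method :check

  # The ULUV from the commit message: login attribute value plus suffix.
  def self.lookup_value(login_value, suffix)
    "#{login_value}#{suffix}"
  end
end
```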